* [PATCH v2] net: fix null pointer dereference when parsing ICMP6_ROUTER_ADVERTISE messages
@ 2022-04-16 1:50 Qiumiao Zhang
2022-04-21 13:40 ` Daniel Kiper
0 siblings, 1 reply; 2+ messages in thread
From: Qiumiao Zhang @ 2022-04-16 1:50 UTC (permalink / raw)
To: grub-devel; +Cc: fengtao40, zhangqiumiao1, rose.chen, zhaowei23
During UEFI PXE boot in IPv6 network, if the DHCP server adopts
stateful automatic configuration, then the client receives a
ICMP6_ROUTER_ADVERTISE multicast message from the server. This may be
received without the interfaced having a configured network address,
so orig_inf will be null, which can lead to a null dereference when
creating the default route. Actually, in this case, the client obtains
the default route through DHCPv6 instead of RA messages. So if
orig_inf == NULL and route_inf == null, we should not set the default
route.
Fixes bug: https://savannah.gnu.org/bugs/index.php?62072
---
grub-core/net/icmp6.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grub-core/net/icmp6.c b/grub-core/net/icmp6.c
index 2cbd95d..264fc4a 100644
--- a/grub-core/net/icmp6.c
+++ b/grub-core/net/icmp6.c
@@ -477,7 +477,7 @@ grub_net_recv_icmp6_packet (struct grub_net_buff *nb,
/* May not have gotten slaac info, find a global address on this
card. */
- if (route_inf == NULL)
+ if (route_inf == NULL && orig_inf != NULL)
{
FOR_NET_NETWORK_LEVEL_INTERFACES (inf)
{
--
2.19.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH v2] net: fix null pointer dereference when parsing ICMP6_ROUTER_ADVERTISE messages
2022-04-16 1:50 [PATCH v2] net: fix null pointer dereference when parsing ICMP6_ROUTER_ADVERTISE messages Qiumiao Zhang
@ 2022-04-21 13:40 ` Daniel Kiper
0 siblings, 0 replies; 2+ messages in thread
From: Daniel Kiper @ 2022-04-21 13:40 UTC (permalink / raw)
To: Qiumiao Zhang; +Cc: grub-devel, fengtao40, rose.chen, zhaowei23
On Sat, Apr 16, 2022 at 09:50:11AM +0800, Qiumiao Zhang via Grub-devel wrote:
> During UEFI PXE boot in IPv6 network, if the DHCP server adopts
> stateful automatic configuration, then the client receives a
> ICMP6_ROUTER_ADVERTISE multicast message from the server. This may be
> received without the interfaced having a configured network address,
> so orig_inf will be null, which can lead to a null dereference when
> creating the default route. Actually, in this case, the client obtains
> the default route through DHCPv6 instead of RA messages. So if
> orig_inf == NULL and route_inf == null, we should not set the default
> route.
>
> Fixes bug: https://savannah.gnu.org/bugs/index.php?62072
Missing "Signed-off-by: Qiumiao Zhang <zhangqiumiao1@huawei.com>" line.
May I add it on behalf of you?
Otherwise Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Daniel
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-04-21 13:40 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-04-16 1:50 [PATCH v2] net: fix null pointer dereference when parsing ICMP6_ROUTER_ADVERTISE messages Qiumiao Zhang
2022-04-21 13:40 ` Daniel Kiper
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.