[ipv6] Avoid potentially copying from a NULL pointer in ipv6_tx()

If ipv6_tx() is called with a non-NULL network device, a NULL or
unspecified source address, and a destination address which does not
match any routing table entry, then it will attempt to copy the source
address from a NULL pointer.

I don't think that there is currently any code path which could
trigger this behaviour, but we should probably ensure that it can
never happen.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

src/net/ipv6.c

@@ -515,7 +515,8 @@ static int ipv6_tx ( struct io_buffer *iobuf,
 	}
 	if ( sin6_src && ! IN6_IS_ADDR_UNSPECIFIED ( &sin6_src->sin6_addr ) )
 		src = &sin6_src->sin6_addr;
-	memcpy ( &iphdr->src, src, sizeof ( iphdr->src ) );
+	if ( src )
+		memcpy ( &iphdr->src, src, sizeof ( iphdr->src ) );
 
 	/* Fix up checksums */
 	if ( trans_csum ) {