
[ipv6] Avoid potentially copying from a NULL pointer in ipv6_tx()

If ipv6_tx() is called with a non-NULL network device, a NULL or
unspecified source address, and a destination address which does not
match any routing table entry, then it will attempt to copy the source
address from a NULL pointer.

I don't think that there is currently any code path which could
trigger this behaviour, but we should probably ensure that it can
never happen.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
tags/v1.20.1
Michael Brown 10 years ago
parent
commit
7627f6c071
1 changed files with 2 additions and 1 deletions
src/net/ipv6.c

515
 	}
515
 	}
516
 	if ( sin6_src && ! IN6_IS_ADDR_UNSPECIFIED ( &sin6_src->sin6_addr ) )
516
 	if ( sin6_src && ! IN6_IS_ADDR_UNSPECIFIED ( &sin6_src->sin6_addr ) )
517
 		src = &sin6_src->sin6_addr;
517
 		src = &sin6_src->sin6_addr;
518
-	memcpy ( &iphdr->src, src, sizeof ( iphdr->src ) );
518
+	if ( src )
519
+		memcpy ( &iphdr->src, src, sizeof ( iphdr->src ) );
519
 
520
 
520
 	/* Fix up checksums */
521
 	/* Fix up checksums */
521
 	if ( trans_csum ) {
522
 	if ( trans_csum ) {
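
Review bot: at the new `if ( src )` guard, a NULL `src` now skips the copy silently and execution falls through to the "Fix up checksums" block, so the packet is still built with whatever `iphdr->src` already holds. The visible context does not show that field being initialised, so either add a comment next to the guard stating what value the source field has at this point, or treat the NULL case as an error and return before the checksum fix-up instead of continuing. Since the commit message says no current code path should reach this case, a debug message in an else branch would also make any future caller that does reach it visible.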
