[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] net: fix null pointer dereference when parsing ICMP6_ROUTER_
From: |
Daniel Kiper |
Subject: |
Re: [PATCH] net: fix null pointer dereference when parsing ICMP6_ROUTER_ADVERTISE messages |
Date: |
Wed, 9 Mar 2022 17:04:08 +0100 |
User-agent: |
NeoMutt/20170113 (1.7.2) |
On Thu, Feb 17, 2022 at 03:32:52PM -0600, Glenn Washburn wrote:
> On Thu, 17 Feb 2022 21:48:58 +0800
> Qiumiao Zhang via Grub-devel <grub-devel@gnu.org> wrote:
>
> > During UEFI PXE boot in IPv6 network, if the DHCP server adopts stateful
> > automatic
> > configuration, when the client receives the ICMP6_ROUTER_ADVERTISE message
> > multicast
> > from the server, it will cause the problem of dereference null
> > pointer and cause the grub2 program to crash.
>
> This commit message could be more clear. Maybe have something like:
>
> During UEFI PXE boot in IPv6 network, if the DHCP server adopts
> stateful automatic configuration, then the client receives a
> ICMP6_ROUTER_ADVERTISE multicast message from the server. This may be
> received without the interfaced having a configured network address,
> so orig_inf will be null, which can lead to a null dereference when
> creating the default route.
>
> Of course, assuming that the above is in fact correct.
>
> >
> > Fixes bug: https://savannah.gnu.org/bugs/index.php?62072
> > ---
> > grub-core/net/icmp6.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/grub-core/net/icmp6.c b/grub-core/net/icmp6.c
> > index 2cbd95d..264fc4a 100644
> > --- a/grub-core/net/icmp6.c
> > +++ b/grub-core/net/icmp6.c
> > @@ -477,7 +477,7 @@ grub_net_recv_icmp6_packet (struct grub_net_buff *nb,
> >
> > /* May not have gotten slaac info, find a global address on this
> > card. */
> > - if (route_inf == NULL)
> > + if (route_inf == NULL && orig_inf != NULL)
>
> So if orig_inf == NULL and route_inf == NULL here, we do not set a
> default route. Does this have any implications to be concerned about?
>
> In this case, can we still find a good route interface and setup a
> default route?
Qiumiao, I am happy to take this patch but before that please address
Glenn's concerns.
Daniel
- Re: [PATCH] net: fix null pointer dereference when parsing ICMP6_ROUTER_ADVERTISE messages,
Daniel Kiper <=