grub-devel

Re: [PATCH] net: fix null pointer dereference when parsing ICMP6_ROUTER_


From: Glenn Washburn
Subject: Re: [PATCH] net: fix null pointer dereference when parsing ICMP6_ROUTER_ADVERTISE messages
Date: Thu, 17 Feb 2022 15:32:52 -0600

On Thu, 17 Feb 2022 21:48:58 +0800
Qiumiao Zhang via Grub-devel <grub-devel@gnu.org> wrote:

> During UEFI PXE boot in IPv6 network, if the DHCP server adopts stateful
> automatic configuration, when the client receives the ICMP6_ROUTER_ADVERTISE
> message multicast from the server, it will cause the problem of dereferencing
> a null pointer and cause the grub2 program to crash.

This commit message could be more clear. Maybe have something like:

  During UEFI PXE boot in IPv6 network, if the DHCP server adopts
  stateful automatic configuration, then the client receives an
  ICMP6_ROUTER_ADVERTISE multicast message from the server. This may be
  received without the interface having a configured network address,
  so orig_inf will be null, which can lead to a null dereference when
  creating the default route.

Of course, assuming that the above is in fact correct.

> 
> Fixes bug: https://savannah.gnu.org/bugs/index.php?62072
> ---
>  grub-core/net/icmp6.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/grub-core/net/icmp6.c b/grub-core/net/icmp6.c
> index 2cbd95d..264fc4a 100644
> --- a/grub-core/net/icmp6.c
> +++ b/grub-core/net/icmp6.c
> @@ -477,7 +477,7 @@ grub_net_recv_icmp6_packet (struct grub_net_buff *nb,
>  
>           /* May not have gotten slaac info, find a global address on this
>             card.  */
> -         if (route_inf == NULL)
> +         if (route_inf == NULL && orig_inf != NULL)

So if orig_inf == NULL and route_inf == NULL here, we do not set a
default route. Does this have any implications to be concerned about?

In this case, can we still find a good route interface and set up a
default route?

Glenn

>             {
>               FOR_NET_NETWORK_LEVEL_INTERFACES (inf)
>               {
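
Review bot: with `orig_inf != NULL` added to the `route_inf == NULL` test, a router advertisement that arrives while both pointers are NULL skips the whole block silently, and the comment above the condition ("May not have gotten slaac info, find a global address on this card.") no longer describes when the block runs. Extend that comment to say why orig_inf can be NULL at this point and what is left unconfigured when the block is skipped, and consider a debug message on the skipped path so the case can be diagnosed. The visible lines do not show which access inside the block the guard protects; naming it in the commit message would make the fix easier to verify.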


