diff options
| author | Mark Johnston <markj@FreeBSD.org> | 2021-05-12 15:49:24 +0000 |
|---|---|---|
| committer | Mark Johnston <markj@FreeBSD.org> | 2021-05-19 13:32:28 +0000 |
| commit | 010f19777085561cae108e5fd228ff258f7d102a (patch) | |
| tree | de345ec0d740ed3db835be599ece31456e43ba35 | |
| parent | 4a6c5c8f592f320bd72616836239b765f042b323 (diff) | |
| download | src-010f19777085561cae108e5fd228ff258f7d102a.tar.gz src-010f19777085561cae108e5fd228ff258f7d102a.zip | |
nd6: Avoid using an uninitialized sockaddr in nd6_prefix_offlink()
Commit 81728a538 ("Split rtinit() into multiple functions.") removed
the initialization of sa6, but not one of its uses. This meant that we
were passing an uninitialized sockaddr as the address to
lltable_prefix_free(). Remove the variable outright to fix the problem.
The caller is expected to hold a reference on pr.
Fixes: 81728a538 ("Split rtinit() into multiple functions.")
Reported by: KMSAN
Reviewed by: donner
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D30166
(cherry picked from commit c1dd4d642fa0e2c8ea4f9a879f2cc4e5d6c39211)
| -rw-r--r-- | sys/netinet6/nd6_rtr.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/netinet6/nd6_rtr.c b/sys/netinet6/nd6_rtr.c index 2f721b4edcc3..2960b6cad951 100644 --- a/sys/netinet6/nd6_rtr.c +++ b/sys/netinet6/nd6_rtr.c @@ -2165,7 +2165,6 @@ nd6_prefix_offlink(struct nd_prefix *pr) int error = 0; struct ifnet *ifp = pr->ndpr_ifp; struct nd_prefix *opr; - struct sockaddr_in6 sa6; char ip6buf[INET6_ADDRSTRLEN]; uint64_t genid; int a_failure; @@ -2240,7 +2239,8 @@ restart: } if (a_failure) - lltable_prefix_free(AF_INET6, (struct sockaddr *)&sa6, + lltable_prefix_free(AF_INET6, + (struct sockaddr *)&pr->ndpr_prefix, (struct sockaddr *)&mask6, LLE_STATIC); return (error); |