ndp: cope with unresolved neighbours

If we've not (yet) resolved a neighbour nda_lladdr will be NULL, and NLA_DATA_LEN(neigh->nda_lladdr) will dereference a NULL pointer. Avoid that by checking nda_lladdr first, and only dereferencing if it's not NULL. Test case: ping6 -c 1 <non-existant neighbour> ndp -a Reviewed by: melifaro MFC after: 3 days Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D41903
2024-07-22 02:37:15 +00:00 · 2023-09-18 19:01:17 +02:00 · 2023-09-18 19:01:17 +02:00 · b57df6fbcc
parent 227d01c1bc
commit b57df6fbcc
1 changed files with 5 additions and 2 deletions
--- a/usr.sbin/ndp/ndp_netlink.c
+++ b/usr.sbin/ndp/ndp_netlink.c
@ -230,9 +230,12 @@ print_entry(struct snl_parsed_neigh *neigh, struct snl_parsed_link_simple *link)
 		.sdl_family = AF_LINK,
 		.sdl_type = link->ifi_type,
 		.sdl_len = sizeof(struct sockaddr_dl),
-		.sdl_alen = NLA_DATA_LEN(neigh->nda_lladdr),
 	};
-	memcpy(sdl.sdl_data, NLA_DATA(neigh->nda_lladdr), sdl.sdl_alen);
+
+	if (neigh->nda_lladdr) {
+		sdl.sdl_alen = NLA_DATA_LEN(neigh->nda_lladdr),
+		memcpy(sdl.sdl_data, NLA_DATA(neigh->nda_lladdr), sdl.sdl_alen);
+	}

 	addrwidth = strlen(host_buf);
 	if (addrwidth < W_ADDR)