[quagga-dev 8367] Potential null derefence 'cmsgptr' in rtadv_send_packet() ( zebra/rtadv.c )

david chosrova dada2372 at gmail.com
Mon Nov 22 19:43:01 GMT 2010


Hello,

If adata can not be allocated I think the return of ZCMSG_FIRSTHDR(&msg),
should be checked as ZCMSG_FIRSTHDR return either adata or NULL.

Is it correct ?



diff --git a/zebra/rtadv.c b/zebra/rtadv.c
index 8cc3c4c..f74d74f 100644
--- a/zebra/rtadv.c
+++ b/zebra/rtadv.c
@@ -330,13 +330,16 @@ rtadv_send_packet (int sock, struct interface *ifp)
   iov.iov_len = len;

   cmsgptr = ZCMSG_FIRSTHDR(&msg);
-  cmsgptr->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
-  cmsgptr->cmsg_level = IPPROTO_IPV6;
-  cmsgptr->cmsg_type = IPV6_PKTINFO;
+  if (cmsgptr != NULL)
+    {
+      cmsgptr->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
+      cmsgptr->cmsg_level = IPPROTO_IPV6;
+      cmsgptr->cmsg_type = IPV6_PKTINFO;

-  pkt = (struct in6_pktinfo *) CMSG_DATA (cmsgptr);
-  memset (&pkt->ipi6_addr, 0, sizeof (struct in6_addr));
-  pkt->ipi6_ifindex = ifp->ifindex;
+      pkt = (struct in6_pktinfo *) CMSG_DATA (cmsgptr);
+      memset (&pkt->ipi6_addr, 0, sizeof (struct in6_addr));
+      pkt->ipi6_ifindex = ifp->ifindex;
+    }

   ret = sendmsg (sock, &msg, 0);
   if (ret < 0)



David Chosrova.

-- 
" Un homme sans passe est plus pauvre qu'un homme sans avenir" ( Elie Wiesel
)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.quagga.net/pipermail/quagga-dev/attachments/20101122/72463eba/attachment-0001.html>


More information about the Quagga-dev mailing list