Re: [PATCH] ipv6: prevent possible NULL dereference in ndisc_recv_na()

From: Eric Dumazet
Date: Mon Jul 15 2024 - 22:31:39 EST


On Mon, Jul 15, 2024 at 7:16 PM Ma Ke <make24@xxxxxxxxxxx> wrote:
>
> In ndisc_recv_na(), __in6_dev_get() could return NULL, which is a NULL
> pointer dereference. Add a check to prevent bailing out.
>
> Fixes: 7a02bf892d8f ("ipv6: add option to drop unsolicited neighbor advertisements")
> Signed-off-by: Ma Ke <make24@xxxxxxxxxxx>
> ---
> net/ipv6/ndisc.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
> index d914b23256ce..f7cafff3f6a9 100644
> --- a/net/ipv6/ndisc.c
> +++ b/net/ipv6/ndisc.c
> @@ -1000,6 +1000,8 @@ static enum skb_drop_reason ndisc_recv_na(struct sk_buff *skb)
> struct ndisc_options ndopts;
> struct net_device *dev = skb->dev;
> struct inet6_dev *idev = __in6_dev_get(dev);
> + if (!idev)
> + return SKP_DROP_REASON_NOT_SPECIFIED;
> struct inet6_ifaddr *ifp;
> struct neighbour *neigh;
> SKB_DR(reason);
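
Review bot: the added `return SKP_DROP_REASON_NOT_SPECIFIED;` uses an `SKP_` prefix, while the function returns `enum skb_drop_reason` and the kernel constant is `SKB_DROP_REASON_NOT_SPECIFIED`, so the hunk as posted would not build. The `if (!idev)` statement is also placed in the middle of the declaration block, ahead of `ifp`, `neigh` and `SKB_DR(reason)`; a check like this belongs after the last declaration, where it can also return through the `reason` variable that `SKB_DR(reason)` sets up.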

Please do not mix code and variables.

Also, idev is correctly tested in the current code, therefore your
patch is not needed.

Thank you.