Re: [PATCH] ipv6: ip6_fib: fix possible null-pointer-dereference in ipv6_route_native_seq_show
From: David Ahern
Date: Tue Nov 05 2024 - 10:44:23 EST
On 11/5/24 5:28 AM, Paolo Abeni wrote:
>
>
> On 11/1/24 05:48, Yi Zou wrote:
>> In the ipv6_route_native_seq_show function, the fib6_nh variable
>> is assigned the value from nexthop_fib6_nh(rt->nh), which could
>> return NULL. This creates a risk of a null-pointer-dereference
>> when accessing fib6_nh->fib_nh_gw_family. This can be resolved by
>> checking if fib6_nh is non-NULL before accessing fib6_nh->fib_nh_gw_family
>> and assigning dev using dev = fib6_nh ? fib6_nh->fib_nh_dev : NULL;
>> to prevent null-pointer dereference errors.
>>
>> Signed-off-by: Yi Zou <03zouyi09.25@xxxxxxxxx>
>
> Please send a new revision, including the target tree in the subj
> prefix - in this case 'net' - and a suitable Fixes tag.
>
> /P
>
I would also like to understand why you believe NULL can really happen -
excluding memory corruption or custom patches to a kernel. If you look
at the makeup of nexthop_fib6_nh, it is defensive around bugs elsewhere
(nhsel > number of nexthops) and future changes (support for ipv6
nexthops that are not IPv6 addresses).

That comment applies to all of these patches around nexthop_fib6_nh
possibly returning NULL.