[PATCH] net: ipv6: Fix NULL dereference in ipv6_route_check_nh
From: Purva Yeshi
Date: Wed Mar 26 2025 - 06:53:01 EST
Fix Smatch-detected error:

net/ipv6/route.c:3427 ip6_route_check_nh() error:
we previously assumed '_dev' could be null

Ensure _dev and idev are checked for NULL before dereferencing in
ip6_route_check_nh. Assign NULL explicitly when fib_nh_dev is NULL
to prevent unintended dereferences.

Signed-off-by: Purva Yeshi <purvayeshi550@xxxxxxxxx>
---
net/ipv6/route.c | 17 ++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index ef2d23a1e3d5..ad5b3098eba0 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -3424,9 +3424,20 @@ static int ip6_route_check_nh(struct net *net,
if (dev != res.nh->fib_nh_dev)
err = -EHOSTUNREACH;
} else {
- *_dev = dev = res.nh->fib_nh_dev;
- netdev_hold(dev, dev_tracker, GFP_ATOMIC);
- *idev = in6_dev_get(dev);
+ if (res.nh->fib_nh_dev) { /* Ensure fib_nh_dev is valid */
+ dev = res.nh->fib_nh_dev;
+
+ if (_dev) /* Only assign if _dev is not NULL */
+ *_dev = dev;
+
+ netdev_hold(dev, dev_tracker, GFP_ATOMIC);
+ *idev = in6_dev_get(dev);
+ } else {
+ if (_dev)
+ *_dev = NULL; /* Explicitly set NULL */
+ if (idev)
+ *idev = NULL; /* Explicitly set NULL */
+ }
}
return err;
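Review bot: the NULL handling is inconsistent between the two new branches: in the `if (res.nh->fib_nh_dev)` branch `*idev = in6_dev_get(dev);` is still stored without a check, while the else branch guards the same pointer with `if (idev)`. Either idev can be NULL, in which case the first branch still dereferences it, or it cannot, in which case the else-branch check is dead code; please pick one and say in the commit message which callers pass NULL. Also in the first branch, `netdev_hold(dev, dev_tracker, GFP_ATOMIC)` runs even when `_dev` is NULL, so the reference is taken but the device pointer is never handed back through `*_dev`; if `_dev` really can be NULL here, the hold should sit under the same `if (_dev)` check, otherwise the caller has nothing to release. The else branch also leaves `err` as it was when `fib_nh_dev` is NULL, and the visible lines do not show what value it holds at that point, so it is worth stating whether that case should return an error. Minor: the subject names `ipv6_route_check_nh`, while the function in the hunk header and the Smatch output is `ip6_route_check_nh`.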
--
2.34.1