[BUG] Potential Null Pointer Dereference in fib6_purge_rt Function
From: 冯嘉仪
Date: Sat Feb 14 2026 - 07:53:11 EST
Dear Maintainer,
Our team recently developed a null-pointer-dereference (NPD) vulnerability detection tool, and we used it to scan the Linux kernel (version 6.9.6). After manual review, we identified a potentially vulnerable code snippet that could lead to a null-pointer dereference bug. We would appreciate your expert insight to confirm whether this vulnerability could indeed pose a risk to the system.
Vulnerability Description:
File: net/ipv6/ip6_fib.c
In the function fib6_purge_rt, we found the following line of code:
fib6_info_hold(new_leaf);
The issue arises because the new_leaf pointer may be passed as NULL in certain situations. The statement passes the new_leaf pointer to fib6_info_hold without any check, but fib6_info_hold might contain a dereference operation on the new_leaf pointer, which could result in a null-pointer dereference.
Proposed Fix:
To prevent the potential null-pointer dereference, we suggest adding a NULL check for the new_leaf pointer before attempting to pass the pointer to fib6_info_hold.
Request for Review:
We would appreciate your expert insight to confirm whether this vulnerability indeed poses a risk to the system, and if the proposed fix is appropriate. If there are reasons why this issue does not present a real risk (e.g., the NULL check is redundant or unnecessary), we would be grateful for clarification.
Thank you for your time and consideration.
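Added example, not part of the original message and not kernel code: a userspace C model of the pattern the report describes, a reference-taking helper called on the result of a lookup that may return NULL, with the proposed check in place. All struct and function names are hypothetical, and it assumes the hold helper increments a counter stored in the object; what to install when the lookup comes back empty is a choice of this model.

```c
#include <stddef.h>

/* Userspace model; names are hypothetical, not the kernel's. */
struct info {
    int refcnt;              /* assumed: hold() bumps a counter stored in the object */
};

struct node {
    struct info *leaf;       /* route currently referenced by this node */
    struct info *candidate;  /* what the replacement lookup would find, or NULL */
};

/* Unguarded hold: dereferences its argument, so a NULL argument faults. */
static void info_hold(struct info *i)
{
    i->refcnt++;
}

static void info_release(struct info *i)
{
    if (i)
        i->refcnt--;
}

/* Lookup that can legitimately come back empty. */
static struct info *find_replacement(const struct node *n)
{
    return n->candidate;
}

/*
 * Replace n->leaf when it points at the route being purged.
 * Returns 1 if a replacement was installed, 0 if the lookup returned NULL
 * (leaf is cleared, nothing is held), -1 if the node did not reference rt.
 */
static int replace_leaf(struct node *n, struct info *rt)
{
    struct info *new_leaf;

    if (n->leaf != rt)
        return -1;

    new_leaf = find_replacement(n);
    if (new_leaf)            /* the check the report proposes */
        info_hold(new_leaf);
    n->leaf = new_leaf;
    info_release(rt);        /* drop the node's reference to the old leaf */
    return new_leaf ? 1 : 0;
}
```

Whether the NULL branch is reachable in the real function depends on what the lookup feeding new_leaf can return at that call site, which is the question the report puts to the maintainers.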