diff options
| author |   bluhm <bluhm@openbsd.org> | 2013-10-14 16:06:33 +0000 |
|---|---|---|
| committer | bluhm <bluhm@openbsd.org> | 2013-10-14 16:06:33 +0000 |
| commit | adf686f71ccefe7a93b11ba3e566fcb92676f8b9 (patch) | |
| tree | 02f26123defbb3d154af63d71e44a567bc0ab789 | |
| parent | tweak previous; (diff) | |
| download | wireguard-openbsd-adf686f71ccefe7a93b11ba3e566fcb92676f8b9.tar.xz wireguard-openbsd-adf686f71ccefe7a93b11ba3e566fcb92676f8b9.zip | |
By passing invalid values in the routing message, root could crash
the kernel from user land. Add a null pointer check as quick fix.
OK blambert@ claudio@
| -rw-r--r-- | sys/netinet/if_ether.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/netinet/if_ether.c b/sys/netinet/if_ether.c index 205d7bfc2e8..d5637bae8d5 100644 --- a/sys/netinet/if_ether.c +++ b/sys/netinet/if_ether.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_ether.c,v 1.107 2013/09/03 10:25:32 mpi Exp $ */ +/* $OpenBSD: if_ether.c,v 1.108 2013/10/14 16:06:33 bluhm Exp $ */ /* $NetBSD: if_ether.c,v 1.31 1996/05/11 12:59:58 mycroft Exp $ */ /* @@ -191,7 +191,7 @@ arp_rtrequest(int req, struct rtentry *rt) * such as older version of routed or gated might provide, * restore cloning bit. */ - if ((rt->rt_flags & RTF_HOST) == 0 && + if ((rt->rt_flags & RTF_HOST) == 0 && rt_mask(rt) && satosin(rt_mask(rt))->sin_addr.s_addr != 0xffffffff) rt->rt_flags |= RTF_CLONING; if (rt->rt_flags & RTF_CLONING) { |