Do not assume if_get(9) returns a non NULL ifp when using a route

interface index. This assumption is true for the moment iff the route lookup *and* the if_get() are done under KERNEL_LOCK(). This is not the case here. Found the hardway by Hrvoje Popovski. ok florian@, visa@, bluhm@
author: mpi <mpi@openbsd.org> 2017-11-21 12:05:09 +0000
committer: mpi <mpi@openbsd.org> 2017-11-21 12:05:09 +0000
commit: c0384984d415ce73678db483328ee504b1393278 (patch)
tree: 4893200045d8a10339f0e711fec4671816ed9584
parent: Move the addrhook disestablish from carpdetach() to carp_clone_destroy() (diff)
download: wireguard-openbsd-c0384984d415ce73678db483328ee504b1393278.tar.xz
wireguard-openbsd-c0384984d415ce73678db483328ee504b1393278.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/netinet6/ip6_forward.c b/sys/netinet6/ip6_forward.c
index 2eff0072897..b2b6e46e2df 100644
--- a/sys/netinet6/ip6_forward.c
+++ b/sys/netinet6/ip6_forward.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ip6_forward.c,v 1.95 2017/06/30 11:29:15 bluhm Exp $	*/
+/*	$OpenBSD: ip6_forward.c,v 1.96 2017/11/21 12:05:09 mpi Exp $	*/
 /*	$KAME: ip6_forward.c,v 1.75 2001/06/29 12:42:13 jinmei Exp $	*/
 
 /*
@@ -240,6 +240,8 @@ reroute:
 	 * modified by a redirect.
 	 */
 	ifp = if_get(rt->rt_ifidx);
+	if (ifp == NULL)
+		goto freecopy;
 	if (rt->rt_ifidx == m->m_pkthdr.ph_ifidx && !srcrt &&
 	    ip6_sendredirects &&
 	    (rt->rt_flags & (RTF_DYNAMIC|RTF_MODIFIED)) == 0) {
author	mpi <mpi@openbsd.org>	2017-11-21 12:05:09 +0000
committer	mpi <mpi@openbsd.org>	2017-11-21 12:05:09 +0000
commit	c0384984d415ce73678db483328ee504b1393278 (patch)
tree	4893200045d8a10339f0e711fec4671816ed9584
parent	Move the addrhook disestablish from carpdetach() to carp_clone_destroy() (diff)
download	wireguard-openbsd-c0384984d415ce73678db483328ee504b1393278.tar.xz wireguard-openbsd-c0384984d415ce73678db483328ee504b1393278.zip