diff options
| author |   claudio <claudio@openbsd.org> | 2020-12-29 09:49:04 +0000 |
|---|---|---|
| committer | claudio <claudio@openbsd.org> | 2020-12-29 09:49:04 +0000 |
| commit | f75399dca66c5b13b73dc0bf79c609685c3b05e3 (patch) | |
| tree | 00fe51a03ced1aee2319508ed384e4fce1901490 | |
| parent | Only skip routes with a loopback gateway for network static and connected. (diff) | |
| download | wireguard-openbsd-f75399dca66c5b13b73dc0bf79c609685c3b05e3.tar.xz wireguard-openbsd-f75399dca66c5b13b73dc0bf79c609685c3b05e3.zip | |
getifaddrs() can return entries where ifa_addr is NULL. Check for this
before accessing anything in ifa_addr.
OK florian@
| -rw-r--r-- | usr.sbin/bgpd/config.c | 5 | ||||
| -rw-r--r-- | usr.sbin/bgpd/session.c | 16 |
2 files changed, 13 insertions, 8 deletions
diff --git a/usr.sbin/bgpd/config.c b/usr.sbin/bgpd/config.c index 6656d5337ab..5cd5a01e188 100644 --- a/usr.sbin/bgpd/config.c +++ b/usr.sbin/bgpd/config.c @@ -1,4 +1,4 @@ -/* $OpenBSD: config.c,v 1.95 2020/02/14 13:54:31 claudio Exp $ */ +/* $OpenBSD: config.c,v 1.96 2020/12/29 09:49:04 claudio Exp $ */ /* * Copyright (c) 2003, 2004, 2005 Henning Brauer <henning@openbsd.org> @@ -339,7 +339,8 @@ get_bgpid(void) fatal("getifaddrs"); for (ifa = ifap; ifa; ifa = ifa->ifa_next) { - if (ifa->ifa_addr->sa_family != AF_INET) + if (ifa->ifa_addr == NULL || + ifa->ifa_addr->sa_family != AF_INET) continue; cur = ((struct sockaddr_in *)ifa->ifa_addr)->sin_addr.s_addr; if ((cur & localnet) == localnet) /* skip 127/8 */ diff --git a/usr.sbin/bgpd/session.c b/usr.sbin/bgpd/session.c index 44c92912c65..2018c45dd1d 100644 --- a/usr.sbin/bgpd/session.c +++ b/usr.sbin/bgpd/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.407 2020/12/23 13:20:47 claudio Exp $ */ +/* $OpenBSD: session.c,v 1.408 2020/12/29 09:49:04 claudio Exp $ */ /* * Copyright (c) 2003, 2004, 2005 Henning Brauer <henning@openbsd.org> @@ -1232,7 +1232,8 @@ get_alternate_addr(struct sockaddr *sa, struct bgpd_addr *alt) fatal("getifaddrs"); for (match = ifap; match != NULL; match = match->ifa_next) - if (sa_cmp(sa, match->ifa_addr) == 0) + if (match->ifa_addr != NULL && + sa_cmp(sa, match->ifa_addr) == 0) break; if (match == NULL) { @@ -1243,7 +1244,8 @@ get_alternate_addr(struct sockaddr *sa, struct bgpd_addr *alt) switch (sa->sa_family) { case AF_INET6: for (ifa = ifap; ifa != NULL; ifa = ifa->ifa_next) { - if (ifa->ifa_addr->sa_family == AF_INET && + if (ifa->ifa_addr != NULL && + ifa->ifa_addr->sa_family == AF_INET && strcmp(ifa->ifa_name, match->ifa_name) == 0) { sa2addr(ifa->ifa_addr, alt, NULL); break; @@ -1252,10 +1254,12 @@ get_alternate_addr(struct sockaddr *sa, struct bgpd_addr *alt) break; case AF_INET: for (ifa = ifap; ifa != NULL; ifa = ifa->ifa_next) { - struct sockaddr_in6 *s = - (struct sockaddr_in6 *)ifa->ifa_addr; - if (ifa->ifa_addr->sa_family == AF_INET6 && + if (ifa->ifa_addr != NULL && + ifa->ifa_addr->sa_family == AF_INET6 && strcmp(ifa->ifa_name, match->ifa_name) == 0) { + struct sockaddr_in6 *s = + (struct sockaddr_in6 *)ifa->ifa_addr; + /* only accept global scope addresses */ if (IN6_IS_ADDR_LINKLOCAL(&s->sin6_addr) || IN6_IS_ADDR_SITELOCAL(&s->sin6_addr)) |