Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 14 May 2016 23:07:26 +0000 (UTC)
From:      "Pedro F. Giffuni" <pfg@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r299771 - head/sbin/routed
Message-ID:  <201605142307.u4EN7QIh077666@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: pfg
Date: Sat May 14 23:07:26 2016
New Revision: 299771
URL: https://svnweb.freebsd.org/changeset/base/299771

Log:
  routed: Fix use after free.
  
  For the multihomed case, ifp be used after being freed. NULL the value
  after freeing it and avoid getting into the branch without reassigning
  a new value.
  
  CID:		272671
  Obtained from:	NetBSD
  MFC after:	2 weeks

Modified:
  head/sbin/routed/if.c

Modified: head/sbin/routed/if.c
==============================================================================
--- head/sbin/routed/if.c	Sat May 14 22:43:07 2016	(r299770)
+++ head/sbin/routed/if.c	Sat May 14 23:07:26 2016	(r299771)
@@ -955,6 +955,7 @@ ifinit(void)
 						  (intmax_t)now.tv_sec -
 						      ifp->int_data.ts);
 					ifdel(ifp);
+					ifp = NULL;
 				}
 				continue;
 			}
@@ -1151,7 +1152,7 @@ ifinit(void)
 	/* If we are multi-homed, optionally advertise a route to
 	 * our main address.
 	 */
-	if (advertise_mhome
+	if ((advertise_mhome && ifp)
 	    || (tot_interfaces > 1
 		&& mhome
 		&& (ifp = ifwithaddr(myaddr, 0, 0)) != NULL



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201605142307.u4EN7QIh077666>