From b970d00064051be95911e57ce08d94f5f340c00b Mon Sep 17 00:00:00 2001 From: Martine Lenders Date: Thu, 14 Mar 2019 14:29:13 +0100 Subject: [PATCH] gnrc_ipv6_nib: check if pkt is NULL on error According to the documentation of `gnrc_ipv6_nib_get_next_hop_l2addr()` `pkt` may be `NULL`. However, whenever that function sends an error message (the methods for that require `orig_pkt` not to be NULL) `pkt` is not checked, which may lead to failed assertions. --- sys/net/gnrc/network_layer/ipv6/nib/nib.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/sys/net/gnrc/network_layer/ipv6/nib/nib.c b/sys/net/gnrc/network_layer/ipv6/nib/nib.c index a85901143ace..6b3f66669668 100644 --- a/sys/net/gnrc/network_layer/ipv6/nib/nib.c +++ b/sys/net/gnrc/network_layer/ipv6/nib/nib.c @@ -203,7 +203,7 @@ int gnrc_ipv6_nib_get_next_hop_l2addr(const ipv6_addr_t *dst, /* _resolve_addr releases pkt only if not queued (in which case * we also shouldn't release), but if netif is not defined we * should release in any case. */ - if (netif == NULL) { + if ((netif == NULL) && (pkt != NULL)) { gnrc_icmpv6_error_dst_unr_send(ICMPV6_ERROR_DST_UNR_ADDR, pkt); gnrc_pktbuf_release_error(pkt, EHOSTUNREACH); @@ -228,10 +228,14 @@ int gnrc_ipv6_nib_get_next_hop_l2addr(const ipv6_addr_t *dst, memcpy(&route.next_hop, dst, sizeof(route.next_hop)); } else { - gnrc_icmpv6_error_dst_unr_send(ICMPV6_ERROR_DST_UNR_NO_ROUTE, - pkt); res = -ENETUNREACH; - gnrc_pktbuf_release_error(pkt, ENETUNREACH); + if (pkt != NULL) { + gnrc_icmpv6_error_dst_unr_send( + ICMPV6_ERROR_DST_UNR_NO_ROUTE, + pkt + ); + gnrc_pktbuf_release_error(pkt, ENETUNREACH); + } break; } } @@ -1197,6 +1201,7 @@ static bool _resolve_addr(const ipv6_addr_t *dst, gnrc_netif_t *netif, return false; } } + /* pkt != NULL already checked above */ else { gnrc_icmpv6_error_dst_unr_send(ICMPV6_ERROR_DST_UNR_ADDR, pkt);