ndp: cope with unresolved neighbours

If we've not (yet) resolved a neighbour nda_lladdr will be NULL, and NLA_DATA_LEN(neigh->nda_lladdr) will dereference a NULL pointer. Avoid that by checking nda_lladdr first, and only dereferencing if it's not NULL. Test case: ping6 -c 1 <non-existant neighbour> ndp -a Reviewed by: melifaro MFC after: 3 days Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D41903 (cherry picked from commit b57df6f)
pfsense · Sep 18, 2023 · e9e1dd2 · e9e1dd2
1 parent 48e1e2f
commit e9e1dd2
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/usr.sbin/ndp/ndp_netlink.c b/usr.sbin/ndp/ndp_netlink.c
@@ -230,9 +230,12 @@ print_entry(struct snl_parsed_neigh *neigh, struct snl_parsed_link_simple *link)
 		.sdl_family = AF_LINK,
 		.sdl_type = link->ifi_type,
 		.sdl_len = sizeof(struct sockaddr_dl),
-		.sdl_alen = NLA_DATA_LEN(neigh->nda_lladdr),
 	};
-	memcpy(sdl.sdl_data, NLA_DATA(neigh->nda_lladdr), sdl.sdl_alen);
+
+	if (neigh->nda_lladdr) {
+		sdl.sdl_alen = NLA_DATA_LEN(neigh->nda_lladdr),
+		memcpy(sdl.sdl_data, NLA_DATA(neigh->nda_lladdr), sdl.sdl_alen);
+	}
 
 	addrwidth = strlen(host_buf);
 	if (addrwidth < W_ADDR)