From 5cb904b57e0cbcb84ffdf036ab3ad37ad7431ad3 Mon Sep 17 00:00:00 2001
From: Yonezawa-T2 <Yonezawa-T2@mail.dnp.co.jp>
Date: Wed, 9 Dec 2015 14:28:51 +0900
Subject: [PATCH] gnrc_sixlowpan_nd: fixed crash on
gnrc_sixlowpan_nd_next_hop_l2addr.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When `gnrc_ndp_node_next_hop_l2addr` cannot resolve L2 address, it creates a
temporary neighbor cache entry with interface `KERNEL_PID_UNDEF` (unless the
interface is already known) to send a neighbor solicitation. When another packet
directed to the same address is going to sent before receiving a neighbor
advertisement, `gnrc_sixlowpan_nd_next_hop_l2addr` gets the temporary neighbor
cache entry and calls `gnrc_ipv6_netif_get` with `KERNEL_PID_UNDEF`, resulting
get a `NULL`. We must check `NULL` before dereference it.
FYI, both `gnrc_ndp_node_next_hop_l2addr` and
`gnrc_sixlowpan_nd_next_hop_l2addr` are enabled when
`gnrc_sixlowpan_border_router_default` module is enabled with `GNRC_NETIF_NUMOF`
is greater than 1:
gnrc_sixlowpan_border_router_default
→ gnrc_ipv6_router_default
→ gnrc_ndp_router (if GNRC_NETIF_NUMOF > 1)
→ gnrc_ndp_node
→ gnrc_ndp_node_next_hop_l2addr is called from _next_hop_l2addr
gnrc_sixlowpan_border_router_default
→ gnrc_sixlowpan_nd_border_router
→ gnrc_sixlowpan_nd_router
→ gnrc_sixlowpan_nd
→ gnrc_sixlowpan_nd_next_hop_l2addr is called from _next_hop_l2addr
---
.../gnrc/network_layer/sixlowpan/nd/gnrc_sixlowpan_nd.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/sys/net/gnrc/network_layer/sixlowpan/nd/gnrc_sixlowpan_nd.c b/sys/net/gnrc/network_layer/sixlowpan/nd/gnrc_sixlowpan_nd.c
index 90b2bbd9c0..ebd9cfcd5e 100644
--- a/sys/net/gnrc/network_layer/sixlowpan/nd/gnrc_sixlowpan_nd.c
+++ b/sys/net/gnrc/network_layer/sixlowpan/nd/gnrc_sixlowpan_nd.c
@@ -154,10 +154,11 @@ kernel_pid_t gnrc_sixlowpan_nd_next_hop_l2addr(uint8_t *l2addr, uint8_t *l2addr_
if (nc_entry != NULL) {
gnrc_ipv6_netif_t *ipv6_if = gnrc_ipv6_netif_get(nc_entry->iface);
/* and interface is not 6LoWPAN */
- if (!(ipv6_if->flags & GNRC_IPV6_NETIF_FLAGS_SIXLOWPAN) ||
+ if (!((ipv6_if == NULL) ||
+ (ipv6_if->flags & GNRC_IPV6_NETIF_FLAGS_SIXLOWPAN)) ||
/* or entry is registered */
- (gnrc_ipv6_nc_get_type(nc_entry) == GNRC_IPV6_NC_TYPE_REGISTERED)) {
- next_hop = dst;
+ (gnrc_ipv6_nc_get_type(nc_entry) == GNRC_IPV6_NC_TYPE_REGISTERED)) {
+ next_hop = dst;
}
}
#endif
--
GitLab