Module Name: src
Committed By: ozaki-r
Date: Tue May 29 04:37:16 UTC 2018
Modified Files:
src/sys/netinet6: in6.c
Log Message:
Avoid NULL pointer dereference on imm->i6mm_maddr
To generate a diff of this commit:
cvs rdiff -u -r1.266 -r1.267 src/sys/netinet6/in6.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/netinet6/in6.c
diff -u src/sys/netinet6/in6.c:1.266 src/sys/netinet6/in6.c:1.267
--- src/sys/netinet6/in6.c:1.266 Tue May 1 07:21:39 2018
+++ src/sys/netinet6/in6.c Tue May 29 04:37:16 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: in6.c,v 1.266 2018/05/01 07:21:39 maxv Exp $ */
+/* $NetBSD: in6.c,v 1.267 2018/05/29 04:37:16 ozaki-r Exp $ */
/* $KAME: in6.c,v 1.198 2001/07/18 09:12:38 itojun Exp $ */
/*
@@ -62,7 +62,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: in6.c,v 1.266 2018/05/01 07:21:39 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: in6.c,v 1.267 2018/05/29 04:37:16 ozaki-r Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -1405,9 +1405,11 @@ in6_purgeaddr(struct ifaddr *ifa)
again:
mutex_enter(&in6_ifaddr_lock);
while ((imm = LIST_FIRST(&ia->ia6_memberships)) != NULL) {
+ struct in6_multi *in6m = imm->i6mm_maddr;
+ KASSERT(in6m == NULL || in6m->in6m_ifp == ifp);
LIST_REMOVE(imm, i6mm_chain);
mutex_exit(&in6_ifaddr_lock);
- KASSERT(imm->i6mm_maddr->in6m_ifp == ifp);
+
in6_leavegroup(imm);
goto again;
}
