[ipv6] Avoid potentially copying from a NULL pointer in ipv6_tx()
If ipv6_tx() is called with a non-NULL network device, a NULL or unspecified source address, and a destination address which does not match any routing table entry, then it will attempt to copy the source address from a NULL pointer. I don't think that there is currently any code path which could trigger this behaviour, but we should probably ensure that it can never happen. Signed-off-by: Michael Brown <mcb30@ipxe.org>
This commit is contained in:
Michael Brown
parent
3a1adea036
commit
7627f6c071
|
|
@ -515,7 +515,8 @@ static int ipv6_tx ( struct io_buffer *iobuf,
|
|||
}
|
||||
if ( sin6_src && ! IN6_IS_ADDR_UNSPECIFIED ( &sin6_src->sin6_addr ) )
|
||||
src = &sin6_src->sin6_addr;
|
||||
memcpy ( &iphdr->src, src, sizeof ( iphdr->src ) );
|
||||
if ( src )
|
||||
memcpy ( &iphdr->src, src, sizeof ( iphdr->src ) );
|
||||
|
||||
/* Fix up checksums */
|
||||
if ( trans_csum ) {
|
||||
|
|
|
|||
Reference in New Issue