From 7103ae4d8b24b171f5321894a9bb045d018f0f40 Mon Sep 17 00:00:00 2001
From: Guillaume Nault
Date: Mon, 22 Oct 2018 12:24:05 +0200
Subject: ipv6: fix IPv6 processing of sessions that only have only a link-local address
Several modules assume that if ses->ipv6 is set, then ses->ipv6->addr_list contains at least one element. But this is not true if ipv6 was allocated by the pseudo ipdb backend of ipv6cp (ipv6cp_opt_intfid.c). That is, if the PPP session only has an automatic link-local address. This leads modules like pppd-compat and dhcpv6 to access invalid memory when trying to retrieve the IPv6 address of a PPP session.
Signed-off-by: Guillaume Nault
---
 accel-pppd/ipv6/dhcpv6.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'accel-pppd/ipv6')
diff --git a/accel-pppd/ipv6/dhcpv6.c b/accel-pppd/ipv6/dhcpv6.c
index 84d36caa..36a5f15e 100644
--- a/accel-pppd/ipv6/dhcpv6.c
+++ b/accel-pppd/ipv6/dhcpv6.c
@@ -69,7 +69,7 @@ static void ev_ses_started(struct ap_session *ses)
 int sock;
 int f = 1;
- if (!ses->ipv6)
+ if (!ses->ipv6 || list_empty(&ses->ipv6->addr_list))
 return;
 a = list_entry(ses->ipv6->addr_list.next, typeof(*a), entry);
-- cgit v1.2.3
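Review bot: The new `list_empty()` guard in ev_ses_started() carries no comment explaining why a session with `ses->ipv6` set can still have an empty `addr_list`, so the invariant is easy to break again at this call site. Without the guard, `list_entry(ses->ipv6->addr_list.next, typeof(*a), entry)` on an empty list resolves to the list head itself, so `a` would point into the containing structure rather than at an address entry and later reads through `a` would touch memory that is not an address item. I would add above the check `/* ipv6cp's pseudo ipdb backend sets ses->ipv6 with an empty addr_list (link-local only) */`. The commit message also names pppd-compat, but only dhcpv6.c is visible in this view, so it should be confirmed that every other reader of `addr_list` has the same check. The body of ev_ses_started() continues outside the hunk.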