The function __in6_dev_get() could return NULL pointer. This needs to be
checked before used in ipv6_mc_remap() and ipv6_mc_unmap(). Otherwise it
could result in null pointer dereference.
---
net/ipv6/addrconf.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index b624e3d8c5f0..b5e490fe0bcd 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -3718,6 +3718,9 @@ static void addrconf_type_change(struct net_device *dev, unsigned long event)
idev = __in6_dev_get(dev);
+ if(!idev)
+ return;
+
if (event == NETDEV_POST_TYPE_CHANGE)
ipv6_mc_remap(idev);
else if (event == NETDEV_PRE_TYPE_CHANGE)
--
2.25.1
On Sat, Aug 20, 2022 at 03:24:34AM -0700, lily wrote:
> The function __in6_dev_get() could return NULL pointer. This needs to be
> checked before used in ipv6_mc_remap() and ipv6_mc_unmap(). Otherwise it
> could result in null pointer dereference.
Its caller already checks it:
3689 if (idev)
3690 addrconf_type_change(dev, event);
3691 break;