michaelh/zephyr
1
0
Fork 0
Code Releases Activity

net: if: ipv6_prefix_find() correctly tests if the prefix is used

Browse source 
ipv6_prefix_find() wrongly tests if the unicast address is in use
instead of the prefix. This has two implications:

- The function can return an expired prefix to net_if_ipv6_prefix_add(),
  which will do nothing more to enable it (since it assumes that it is
  already enabled). As a result, the prefix will not be used by the
  rest of the stack due to prefix->is_used being false.

- ipv6_prefix_find() loops using a bound of NET_IF_MAX_IPV6_PREFIX, but
  the size of the unicast[] array is defined by NET_IF_MAX_IPV6_ADDR.
  This could lead to an out-of-bound access if NET_IF_MAX_IPV6_ADDR is
  smaller than NET_IF_MAX_IPV6_PREFIX.

Signed-off-by: Florian Vaussard <florian.vaussard@gmail.com>
This commit is contained in:
Florian Vaussard 2021-09-28 10:13:46 +02:00 committed by Jukka Rissanen
commit 96c3fd12c4
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
subsys/net/ip/net_if.c
View file

@ -2157,7 +2157,7 @@ static struct net_if_ipv6_prefix *ipv6_prefix_find(struct net_if *iface,
}
for (i = 0; i < NET_IF_MAX_IPV6_PREFIX; i++) {
if (!ipv6->unicast[i].is_used) {
if (!ipv6->prefix[i].is_used) {
continue;
}