[ipv6] Avoid potentially copying from a NULL pointer in ipv6_tx()

If ipv6_tx() is called with a non-NULL network device, a NULL or unspecified source address, and a destination address which does not match any routing table entry, then it will attempt to copy the source address from a NULL pointer. I don't think that there is currently any code path which could trigger this behaviour, but we should probably ensure that it can never happen. Signed-off-by: Michael Brown <mcb30@ipxe.org>
author: Michael Brown <mcb30@ipxe.org> 2014-05-23 13:47:19 +0100
committer: Michael Brown <mcb30@ipxe.org> 2014-05-23 14:11:17 +0100
commit: 7627f6c071f4e67b855b02189ca1e3523a1c3bd5 (patch)
tree: 110593ba88205b542ac7168007a6ccacc4b6d861 /src/net
parent: 3a1adea0360e73c91ebed63b671303601a63b450 (diff)
download: ipxe-7627f6c071f4e67b855b02189ca1e3523a1c3bd5.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/src/net/ipv6.c b/src/net/ipv6.c
index 77124940..3c374168 100644
--- a/src/net/ipv6.c
+++ b/src/net/ipv6.c
@@ -515,7 +515,8 @@ static int ipv6_tx ( struct io_buffer *iobuf,
 	}
 	if ( sin6_src && ! IN6_IS_ADDR_UNSPECIFIED ( &sin6_src->sin6_addr ) )
 		src = &sin6_src->sin6_addr;
-	memcpy ( &iphdr->src, src, sizeof ( iphdr->src ) );
+	if ( src )
+		memcpy ( &iphdr->src, src, sizeof ( iphdr->src ) );
 
 	/* Fix up checksums */
 	if ( trans_csum ) {
author	Michael Brown <mcb30@ipxe.org>	2014-05-23 13:47:19 +0100
committer	Michael Brown <mcb30@ipxe.org>	2014-05-23 14:11:17 +0100
commit	7627f6c071f4e67b855b02189ca1e3523a1c3bd5 (patch)
tree	110593ba88205b542ac7168007a6ccacc4b6d861 /src/net
parent	3a1adea0360e73c91ebed63b671303601a63b450 (diff)
download	ipxe-7627f6c071f4e67b855b02189ca1e3523a1c3bd5.tar.gz