gnrc_ipv6: fix SEGFAULT when multicasting with multiple interfaces [backport 2019.10] #12521
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
miri64
added
Area: network
This was referenced Oct 21, 2019
|
#12524 is already ACK'd and just waiting for Murdock. So I wait for that to be merged before I rebase. |
|
OK, thanks for that comment. I'll review the commit, but wait for the rebase. |
When writing to the IPv6 header the implementation currently doesn't take the packet with the (potentially) duplicated header, but the packet with the original one, which leads to the packet sent and then released in `gnrc_netif_ethernet.c` first and then accessed again in further iterations of the "writing to the IPv6 header" loop, which causes access to an invalid pointer, causing a crash. Fixes RIOT-OS#11980 (cherry picked from commit ce14ee1)
miri64
force-pushed
the
backport/2019.10/gnrc_ipv6/fix/i11980
branch
from
288b75f to
e95bb17
Compare
|
Rebased to current release branch |
|
ACK. Commits identical and link-local multicast ping works on native. |
kb2ma
approved these changes
Oct 21, 2019
80 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport of #12512
Contribution description
When writing to the IPv6 header the implementation currently doesn't take the packet with the (potentially) duplicated header, but the packet with the original one, which leads to the packet sent and then released in
gnrc_netif_ethernet.cfirst and then accessed again in further iterations of the "writing to the IPv6 header" loop, which causes access to an invalid pointer, causing a crash.Testing procedure
When repeating the "Steps to reproduce" in #11980, the node should not crash and you get a lot of (duplicate) replies. When using two interfaces with one being a 6LoWPAN interface, the node should not crash, pinging might however not work due to the bug fixed in #10499.
Issues/PRs references
Fixes #11980