Add NULL check like the rest of code has.

It is possible that ifma_protospec becomes NULL in this function for some entry, but it is still referenced and thus it will not unlinked from the list. Then "restart" condition triggers and this entry with NULL ifma_protospec will lead to page fault. PR: 228982
2018-06-14 09:36:25 +00:00 · 2018-06-14 09:36:25 +00:00 · 1879a98b2d
commit 1879a98b2d
parent 5568626787
1 changed files with 2 additions and 1 deletions
--- a/sys/netinet6/mld6.c
+++ b/sys/netinet6/mld6.c
@ -1679,7 +1679,8 @@ mld_v2_cancel_link_timers(struct mld_ifsoftc *mli)
 	IF_ADDR_WLOCK(ifp);
 restart:
 	CK_STAILQ_FOREACH_SAFE(ifma, &ifp->if_multiaddrs, ifma_link, next) {
-		if (ifma->ifma_addr->sa_family != AF_INET6)
+		if (ifma->ifma_addr->sa_family != AF_INET6 ||
+		    ifma->ifma_protospec == NULL)
 			continue;
 		inm = (struct in6_multi *)ifma->ifma_protospec;
 		switch (inm->in6m_state) {