mirror/lwip
1
0
Fork 0
mirror of https://github.com/lwip-tcpip/lwip.git synced 2025-01-13 06:37:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix possible NULL pointer dereference in autoip_start()

Browse Source 
autoip variable is dereferenced (autoip->state) before it is checked for NULL pointer
This commit is contained in:
Dirk Ziegelmeier 2019-08-28 07:24:31 +02:00
parent 7fd158a109
commit 79cd89f99d
1 changed files with 16 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
src/core/ipv4/autoip.c
View File

@ -231,24 +231,25 @@ autoip_start(struct netif *netif)
LWIP_ASSERT_CORE_LOCKED(); LWIP_ASSERT_CORE_LOCKED();
LWIP_ERROR("netif is not up, old style port?", netif_is_up(netif), return ERR_ARG;); LWIP_ERROR("netif is not up, old style port?", netif_is_up(netif), return ERR_ARG;);
if (autoip == NULL) {
/* no AutoIP client attached yet? */
LWIP_DEBUGF(AUTOIP_DEBUG | LWIP_DBG_TRACE,
("autoip_start(): starting new AUTOIP client\n"));
autoip = (struct autoip *)mem_calloc(1, sizeof(struct autoip));
if (autoip == NULL) {
LWIP_DEBUGF(AUTOIP_DEBUG | LWIP_DBG_TRACE,
("autoip_start(): could not allocate autoip\n"));
return ERR_MEM;
}
/* store this AutoIP client in the netif */
netif_set_client_data(netif, LWIP_NETIF_CLIENT_DATA_INDEX_AUTOIP, autoip);
LWIP_DEBUGF(AUTOIP_DEBUG | LWIP_DBG_TRACE, ("autoip_start(): allocated autoip"));
}
if (autoip->state == AUTOIP_STATE_OFF) { if (autoip->state == AUTOIP_STATE_OFF) {
LWIP_DEBUGF(AUTOIP_DEBUG | LWIP_DBG_TRACE | LWIP_DBG_STATE, LWIP_DEBUGF(AUTOIP_DEBUG | LWIP_DBG_TRACE | LWIP_DBG_STATE,
("autoip_start(netif=%p) %c%c%"U16_F"\n", (void *)netif, netif->name[0], ("autoip_start(netif=%p) %c%c%"U16_F"\n", (void *)netif, netif->name[0],
netif->name[1], (u16_t)netif->num)); netif->name[1], (u16_t)netif->num));
if (autoip == NULL) {
/* no AutoIP client attached yet? */
LWIP_DEBUGF(AUTOIP_DEBUG | LWIP_DBG_TRACE,
("autoip_start(): starting new AUTOIP client\n"));
autoip = (struct autoip *)mem_calloc(1, sizeof(struct autoip));
if (autoip == NULL) {
LWIP_DEBUGF(AUTOIP_DEBUG | LWIP_DBG_TRACE,
("autoip_start(): could not allocate autoip\n"));
return ERR_MEM;
}
/* store this AutoIP client in the netif */
netif_set_client_data(netif, LWIP_NETIF_CLIENT_DATA_INDEX_AUTOIP, autoip);
LWIP_DEBUGF(AUTOIP_DEBUG | LWIP_DBG_TRACE, ("autoip_start(): allocated autoip"));
}
/* add acd struct to list*/ /* add acd struct to list*/
acd_add(netif, &autoip->acd, autoip_conflict_callback); acd_add(netif, &autoip->acd, autoip_conflict_callback);
@ -262,8 +263,7 @@ autoip_start(struct netif *netif)
} }
autoip->state = AUTOIP_STATE_CHECKING; autoip->state = AUTOIP_STATE_CHECKING;
acd_start(netif, &autoip->acd, autoip->llipaddr); acd_start(netif, &autoip->acd, autoip->llipaddr);
} } else {
else {
LWIP_DEBUGF(AUTOIP_DEBUG | LWIP_DBG_TRACE | LWIP_DBG_STATE, LWIP_DEBUGF(AUTOIP_DEBUG | LWIP_DBG_TRACE | LWIP_DBG_STATE,
("autoip_start(): already started on netif=%p %c%c%"U16_F"\n", ("autoip_start(): already started on netif=%p %c%c%"U16_F"\n",
(void *)netif, netif->name[0], (void *)netif, netif->name[0],