RIOT-OS/RIOT
RIOT-OS/RIOT
1
0
Fork 0
mirror of https://github.com/RIOT-OS/RIOT.git synced 2024-12-29 04:50:03 +01:00
Code Releases Activity

all/gnrc: fix null pointer dereference

Browse Source 
Check return values of following functions for null:
    - gnrc_netif_iter
    - gnrc_netif_hdr_build
    - gnrc_pktsnip_search_type
    - gnrc_netif_get_by_pid
    - gnrc_netif_hdr_get_netif
    - _nib_drl_get
This commit is contained in:
Mingjie Shen 2023-06-22 14:59:22 -04:00
parent 5d32c95c16
commit 51ff6c3675
9 changed files with 43 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
examples/gnrc_networking_mac/mac.c
View File

@ -36,9 +36,11 @@ int mac_cmd(int argc, char **argv)
gnrc_netif_t *netif = NULL; gnrc_netif_t *netif = NULL;
netif = gnrc_netif_iter(netif); netif = gnrc_netif_iter(netif);
if (netif) {
msg_t msg; msg_t msg;
msg.type = GNRC_MAC_TYPE_GET_DUTYCYCLE; msg.type = GNRC_MAC_TYPE_GET_DUTYCYCLE;
msg_send(&msg, netif->pid); msg_send(&msg, netif->pid);
}
#else #else
puts("MAC: radio duty-cycle unavailable."); puts("MAC: radio duty-cycle unavailable.");
#endif #endif

6
examples/gnrc_networking_mac/udp.c
View File

@ -91,7 +91,11 @@ static void send(char *addr_str, char *port_str, char *data, unsigned int num,
/* add netif header, if interface was given */ /* add netif header, if interface was given */
if (netif != NULL) { if (netif != NULL) {
gnrc_pktsnip_t *netif_hdr = gnrc_netif_hdr_build(NULL, 0, NULL, 0); gnrc_pktsnip_t *netif_hdr = gnrc_netif_hdr_build(NULL, 0, NULL, 0);
if (netif_hdr == NULL) {
puts("Error: unable to allocate netif header");
gnrc_pktbuf_release(ip);
return;
}
gnrc_netif_hdr_set_netif(netif_hdr->data, netif); gnrc_netif_hdr_set_netif(netif_hdr->data, netif);
ip = gnrc_pkt_prepend(ip, netif_hdr); ip = gnrc_pkt_prepend(ip, netif_hdr);
} }

1
sys/net/gnrc/network_layer/icmpv6/error/gnrc_icmpv6_error.c
View File

@ -51,6 +51,7 @@ static size_t _fit(const gnrc_pktsnip_t *orig_pkt)
if (netif_hdr) { if (netif_hdr) {
gnrc_netif_t *netif = gnrc_netif_hdr_get_netif(netif_hdr->data); gnrc_netif_t *netif = gnrc_netif_hdr_get_netif(netif_hdr->data);
assert(netif != NULL);
pkt_len -= netif_hdr->size; pkt_len -= netif_hdr->size;
DEBUG("gnrc_icmpv6_error: fitting to MTU of iface %u (%u)\n", DEBUG("gnrc_icmpv6_error: fitting to MTU of iface %u (%u)\n",

2
sys/net/gnrc/network_layer/ipv6/nib/_nib-arsm.c
View File

@ -44,7 +44,7 @@ void _snd_ns(const ipv6_addr_t *tgt, gnrc_netif_t *netif,
_nib_dr_entry_t *dr = _nib_drl_get(NULL, netif->pid); _nib_dr_entry_t *dr = _nib_drl_get(NULL, netif->pid);
/* add ARO based on interface */ /* add ARO based on interface */
if ((src != NULL) && gnrc_netif_is_6ln(netif) && if ((src != NULL) && gnrc_netif_is_6ln(netif) && (dr != NULL) &&
(_nib_onl_get_if(dr->next_hop) == (unsigned)netif->pid) && (_nib_onl_get_if(dr->next_hop) == (unsigned)netif->pid) &&
ipv6_addr_equal(&dr->next_hop->ipv6, dst)) { ipv6_addr_equal(&dr->next_hop->ipv6, dst)) {
eui64_t eui64; eui64_t eui64;

4
sys/net/gnrc/network_layer/ipv6/nib/nib.c
View File

@ -1424,6 +1424,10 @@ static void _handle_snd_na(gnrc_pktsnip_t *pkt)
static void _handle_pfx_timeout(_nib_offl_entry_t *pfx) static void _handle_pfx_timeout(_nib_offl_entry_t *pfx)
{ {
gnrc_netif_t *netif = gnrc_netif_get_by_pid(_nib_onl_get_if(pfx->next_hop)); gnrc_netif_t *netif = gnrc_netif_get_by_pid(_nib_onl_get_if(pfx->next_hop));
if (netif == NULL) {
return;
}
uint32_t now = evtimer_now_msec(); uint32_t now = evtimer_now_msec();
gnrc_netif_acquire(netif); gnrc_netif_acquire(netif);

5
sys/net/gnrc/network_layer/sixlowpan/iphc/gnrc_sixlowpan_iphc.c
View File

@ -548,6 +548,11 @@ static size_t _iphc_nhc_ipv6_decode(gnrc_pktsnip_t *sixlo, size_t offset,
uint16_t payload_len; uint16_t payload_len;
size_t tmp; size_t tmp;
if (netif == NULL) {
DEBUG("6lo iphc: unable to find NETIF snip\n");
return 0;
}
offset++; /* move over NHC header */ offset++; /* move over NHC header */
/* realloc size for uncompressed snip, if too small */ /* realloc size for uncompressed snip, if too small */
if (ipv6->size < (*uncomp_hdr_len + sizeof(ipv6_hdr_t))) { if (ipv6->size < (*uncomp_hdr_len + sizeof(ipv6_hdr_t))) {

13
sys/net/gnrc/transport_layer/tcp/gnrc_tcp_pkt.c
View File

@ -349,6 +349,7 @@ uint32_t _gnrc_tcp_pkt_get_seg_len(gnrc_pktsnip_t *pkt)
uint32_t seq = 0; uint32_t seq = 0;
uint16_t ctl = 0; uint16_t ctl = 0;
gnrc_pktsnip_t *snp = gnrc_pktsnip_search_type(pkt, GNRC_NETTYPE_TCP); gnrc_pktsnip_t *snp = gnrc_pktsnip_search_type(pkt, GNRC_NETTYPE_TCP);
assert(snp != NULL);
tcp_hdr_t *hdr = (tcp_hdr_t *) snp->data; tcp_hdr_t *hdr = (tcp_hdr_t *) snp->data;
ctl = byteorder_ntohs(hdr->off_ctl); ctl = byteorder_ntohs(hdr->off_ctl);
seq = _gnrc_tcp_pkt_get_pay_len(pkt); seq = _gnrc_tcp_pkt_get_pay_len(pkt);
@ -399,6 +400,12 @@ int _gnrc_tcp_pkt_setup_retransmit(gnrc_tcp_tcb_t *tcb, gnrc_pktsnip_t *pkt,
/* Extract control bits and segment length */ /* Extract control bits and segment length */
snp = gnrc_pktsnip_search_type(pkt, GNRC_NETTYPE_TCP); snp = gnrc_pktsnip_search_type(pkt, GNRC_NETTYPE_TCP);
if (snp == NULL) {
TCP_DEBUG_ERROR("-EINVAL: snp == NULL.");
TCP_DEBUG_LEAVE;
return -EINVAL;
}
ctl = byteorder_ntohs(((tcp_hdr_t *) snp->data)->off_ctl); ctl = byteorder_ntohs(((tcp_hdr_t *) snp->data)->off_ctl);
len = _gnrc_tcp_pkt_get_pay_len(pkt); len = _gnrc_tcp_pkt_get_pay_len(pkt);
@ -465,6 +472,12 @@ int _gnrc_tcp_pkt_acknowledge(gnrc_tcp_tcb_t *tcb, const uint32_t ack)
} }
snp = gnrc_pktsnip_search_type(tcb->pkt_retransmit, GNRC_NETTYPE_TCP); snp = gnrc_pktsnip_search_type(tcb->pkt_retransmit, GNRC_NETTYPE_TCP);
if (snp == NULL) {
TCP_DEBUG_ERROR("-EINVAL: snp == NULL.");
TCP_DEBUG_LEAVE;
return -EINVAL;
}
hdr = (tcp_hdr_t *) snp->data; hdr = (tcp_hdr_t *) snp->data;
/* There must be a packet, waiting to be acknowledged. */ /* There must be a packet, waiting to be acknowledged. */

4
sys/shell/cmds/gnrc_icmpv6_echo.c
View File

@ -292,6 +292,10 @@ static int _print_reply(gnrc_pktsnip_t *pkt, int corrupted, uint32_t triptime, v
gnrc_pktsnip_t *ipv6 = gnrc_pktsnip_search_type(pkt, GNRC_NETTYPE_IPV6); gnrc_pktsnip_t *ipv6 = gnrc_pktsnip_search_type(pkt, GNRC_NETTYPE_IPV6);
gnrc_pktsnip_t *icmpv6 = gnrc_pktsnip_search_type(pkt, GNRC_NETTYPE_ICMPV6); gnrc_pktsnip_t *icmpv6 = gnrc_pktsnip_search_type(pkt, GNRC_NETTYPE_ICMPV6);
if (!ipv6 || !icmpv6) {
return -EINVAL;
}
ipv6_hdr_t *ipv6_hdr = ipv6->data; ipv6_hdr_t *ipv6_hdr = ipv6->data;
icmpv6_echo_t *icmpv6_hdr = icmpv6->data; icmpv6_echo_t *icmpv6_hdr = icmpv6->data;

6
sys/shell/cmds/gnrc_udp.c
View File

@ -90,7 +90,11 @@ static void _send(const char *addr_str, const char *port_str,
/* add netif header, if interface was given */ /* add netif header, if interface was given */
if (netif != NULL) { if (netif != NULL) {
gnrc_pktsnip_t *netif_hdr = gnrc_netif_hdr_build(NULL, 0, NULL, 0); gnrc_pktsnip_t *netif_hdr = gnrc_netif_hdr_build(NULL, 0, NULL, 0);
if (netif_hdr == NULL) {
printf("Error: unable to allocate netif header\n");
gnrc_pktbuf_release(ip);
return;
}
gnrc_netif_hdr_set_netif(netif_hdr->data, gnrc_netif_hdr_set_netif(netif_hdr->data,
container_of(netif, gnrc_netif_t, netif)); container_of(netif, gnrc_netif_t, netif));
ip = gnrc_pkt_prepend(ip, netif_hdr); ip = gnrc_pkt_prepend(ip, netif_hdr);