From c260d5cd8e364ad448ba714d9f851976c6f8da51 Mon Sep 17 00:00:00 2001
From: "Alexander V. Chernikov"
Date: Sat, 25 Jun 2022 19:32:59 +0000
Subject: [PATCH] routing: fix crash when RTM_CHANGE results in no-op for the multipath route.

Reporting logic assumed there is always some nhop change for every successful modification operation. Explicitly check that the changed nexthop indeed exists when reporting back to userland.
MFC after: 2 weeks
Reported by: Claudio Jeker
Tested by: Claudio Jeker
---
 sys/net/rtsock.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/sys/net/rtsock.c b/sys/net/rtsock.c
index bbdd0279a04..6775f09cfe5 100644
--- a/sys/net/rtsock.c
+++ b/sys/net/rtsock.c
@@ -1124,9 +1124,12 @@ route_output(struct mbuf *m, struct socket *so, ...)
 rc = rc_simple;
 }
 #endif
+ /* nh MAY be empty if RTM_CHANGE request is no-op */
 nh = rc.rc_nh_new;
- rtm->rtm_index = nh->nh_ifp->if_index;
- rtm->rtm_flags = rc.rc_rt->rte_flags | nhop_get_rtflags(nh);
+ if (nh != NULL) {
+ rtm->rtm_index = nh->nh_ifp->if_index;
+ rtm->rtm_flags = rc.rc_rt->rte_flags | nhop_get_rtflags(nh);
+ }
 }
 break;

@@ -1163,7 +1166,7 @@ route_output(struct mbuf *m, struct socket *so, ...)
 senderr(EOPNOTSUPP);
 }

- if (error == 0) {
+ if (error == 0 && nh != NULL) {
 error = update_rtm_from_rc(&info, &rtm, alloc_len, &rc, nh);
 /*
 * Note that some sockaddr pointers may have changed to
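Review bot: When `nh` is NULL the reply keeps whatever `rtm_index` and `rtm_flags` the caller supplied in the request, and the new comment above `nh = rc.rc_nh_new;` does not say so. A reader of the reply path cannot tell from this hunk that these two fields are an unverified echo of the request in the no-op case. I would word the comment as `/* nh is NULL when RTM_CHANGE is a no-op; rtm_index and rtm_flags then keep the values from the request */`, which also replaces "empty" with the value the code actually tests. The enclosing case block starts outside the hunk.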
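Review bot: The `nh != NULL` test added to `if (error == 0 ...)` sits after the switch, so it applies to every command rather than only RTM_CHANGE, and it depends on `nh` being initialised to NULL at its declaration, which is outside the hunk. If any other successful path can reach this point with `nh` unset, the reply now goes out without `update_rtm_from_rc()` filling it in, and nothing reports that. A comment on the condition such as `/* nh == NULL only for a no-op RTM_CHANGE; the request is echoed back as received */` would record the intent, and a KASSERT limiting the NULL case to RTM_CHANGE is worth considering. The body of this `if` continues outside the hunk.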