From 2903a69d4a196ccbb98020435cf4206937843b96 Mon Sep 17 00:00:00 2001 From: Augustin Cavalier Date: Wed, 20 Sep 2023 16:39:09 -0400 Subject: [PATCH] network/ipv4: Fix NULL dereference in multicast-send. Fixes the KDL in #18585. While at it, add a missing NULL check and fix a leak. --- src/add-ons/kernel/network/protocols/ipv4/ipv4.cpp | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/add-ons/kernel/network/protocols/ipv4/ipv4.cpp b/src/add-ons/kernel/network/protocols/ipv4/ipv4.cpp index 5d40039064..6c10ff8c4b 100644 --- a/src/add-ons/kernel/network/protocols/ipv4/ipv4.cpp +++ b/src/add-ons/kernel/network/protocols/ipv4/ipv4.cpp @@ -1550,10 +1550,13 @@ ipv4_send_routed_data(net_protocol* _protocol, struct net_route* route, } if ((buffer->flags & MSG_MCAST) != 0 - && protocol->multicast_loopback) { + && (protocol != NULL && protocol->multicast_loopback)) { // copy an IP multicast packet to the input queue of the loopback // interface net_buffer *loopbackBuffer = gBufferModule->duplicate(buffer); + if (loopbackBuffer == NULL) + return B_NO_MEMORY; + status_t status = B_ERROR; // get the IPv4 loopback address struct sockaddr loopbackAddress; @@ -1568,8 +1571,11 @@ ipv4_send_routed_data(net_protocol* _protocol, struct net_route* route, sDatalinkModule->put_interface_address( loopbackBuffer->interface_address); loopbackBuffer->interface_address = address; - ipv4_receive_data(loopbackBuffer); + status = ipv4_receive_data(loopbackBuffer); } + + if (status != B_OK) + gBufferModule->free(loopbackBuffer); } TRACE_SK(protocol, " SendRoutedData(): header chksum: %" B_PRIu32