In ndisc_recv_na(), __in6_dev_get() could return NULL, which is a NULL
pointer dereference. Add a check to prevent bailing out.

Fixes: 7a02bf892d8f ("ipv6: add option to drop unsolicited neighbor advertisements")
Signed-off-by: Ma Ke <make24@iscas.ac.cn>
---
 net/ipv6/ndisc.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index d914b23256ce..f7cafff3f6a9 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -1000,6 +1000,8 @@ static enum skb_drop_reason ndisc_recv_na(struct sk_buff *skb)
 	struct ndisc_options ndopts;
 	struct net_device *dev = skb->dev;
 	struct inet6_dev *idev = __in6_dev_get(dev);
+	if (!idev)
+		return SKP_DROP_REASON_NOT_SPECIFIED;
 	struct inet6_ifaddr *ifp;
 	struct neighbour *neigh;
 	SKB_DR(reason);
-- 
2.25.1

On Mon, Jul 15, 2024 at 7:16 PM Ma Ke <make24@iscas.ac.cn> wrote:
>
> In ndisc_recv_na(), __in6_dev_get() could return NULL, which is a NULL
> pointer dereference. Add a check to prevent bailing out.
>
> Fixes: 7a02bf892d8f ("ipv6: add option to drop unsolicited neighbor advertisements")
> Signed-off-by: Ma Ke <make24@iscas.ac.cn>
> ---
>  net/ipv6/ndisc.c | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
> index d914b23256ce..f7cafff3f6a9 100644
> --- a/net/ipv6/ndisc.c
> +++ b/net/ipv6/ndisc.c
> @@ -1000,6 +1000,8 @@ static enum skb_drop_reason ndisc_recv_na(struct sk_buff *skb)
>         struct ndisc_options ndopts;
>         struct net_device *dev = skb->dev;
>         struct inet6_dev *idev = __in6_dev_get(dev);
> +       if (!idev)
> +               return SKP_DROP_REASON_NOT_SPECIFIED;
>         struct inet6_ifaddr *ifp;
>         struct neighbour *neigh;
>         SKB_DR(reason);

Please do not mix code and variables.

Also, idev is correctly tested in the current code, therefore your
patch is not needed.

Thank you.