diff options
author | Samuel Thibault <samuel.thibault@ens-lyon.org> | 2021-05-09 01:45:22 +0200 |
---|---|---|
committer | Samuel Thibault <samuel.thibault@ens-lyon.org> | 2021-05-09 01:46:31 +0200 |
commit | 1d6a89cc86292e1cda346751f55bd8c7b38d0d29 (patch) | |
tree | 40a511ae1b3255eb0d7b7c291c2e04bc67401425 | |
parent | 61b287a16053172601e88bf99ede5e759fe1842b (diff) | |
download | slirp-1d6a89cc86292e1cda346751f55bd8c7b38d0d29.zip slirp-1d6a89cc86292e1cda346751f55bd8c7b38d0d29.tar.gz slirp-1d6a89cc86292e1cda346751f55bd8c7b38d0d29.tar.bz2 |
ndp_table: For unspecified address, return broadcast ethernet address
We cannot let the guest crash libslirp by making it answer a tftp
request such as shown in
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33873
https://gitlab.com/qemu-project/qemu/-/issues/111
unspecified addresses may also be used for non-configured devices, so it
makes sense to use the broadcast ethernet address in that case, just
like we do with IPv4.
-rw-r--r-- | src/ndp_table.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/ndp_table.c b/src/ndp_table.c index 41481ca..fdb189d 100644 --- a/src/ndp_table.c +++ b/src/ndp_table.c @@ -62,7 +62,12 @@ bool ndp_table_search(Slirp *slirp, struct in6_addr ip_addr, DEBUG_CALL("ndp_table_search"); DEBUG_ARG("ip = %s", addrstr); - assert(!in6_zero(&ip_addr)); + /* If unspecified address */ + if (in6_zero(&ip_addr)) { + /* return Ethernet broadcast address */ + memset(out_ethaddr, 0xff, ETH_ALEN); + return 1; + } /* Multicast address: fec0::abcd:efgh/8 -> 33:33:ab:cd:ef:gh */ if (IN6_IS_ADDR_MULTICAST(&ip_addr)) { |