From 120b1485e07abbbb8db21ac52667b1aa07bab406 Mon Sep 17 00:00:00 2001
From: Benjamin Valentin
Date: Tue, 8 Dec 2020 18:47:57 +0100
Subject: [PATCH] gnrc_ipv6_nib: prevent NULL pointer dereference on nib exhaustion

If the NIB is full, `_nib_onl_get()` returns NULL. `_reg_addr_upstream()` will then dereference the result without if it is valid.

---
 sys/net/gnrc/network_layer/ipv6/nib/_nib-6lr.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/sys/net/gnrc/network_layer/ipv6/nib/_nib-6lr.c b/sys/net/gnrc/network_layer/ipv6/nib/_nib-6lr.c
index 1229a632a2..8ce4030bce 100644
--- a/sys/net/gnrc/network_layer/ipv6/nib/_nib-6lr.c
+++ b/sys/net/gnrc/network_layer/ipv6/nib/_nib-6lr.c
@@ -84,8 +84,15 @@ uint8_t _reg_addr_upstream(gnrc_netif_t *netif, const ipv6_hdr_t *ipv6,
 #endif /* CONFIG_GNRC_IPV6_NIB_MULTIHOP_DAD */
     if (aro->ltime.u16 != 0) {
         _handle_sl2ao(netif, ipv6, icmpv6, sl2ao);
+        /* re-get NCE in case it was updated */
         nce = _nib_onl_get(&ipv6->src, netif->pid);
+
+        /* NIB is full */
+        if (nce == NULL) {
+            return SIXLOWPAN_ND_STATUS_NC_FULL;
+        }
+
         /* and re-check EUI-64 in case nce was not an NC before */
         if ((memcmp(&nce->eui64, &aro->eui64, sizeof(aro->eui64)) != 0) &&