From 6cba2674faac978db84ca4ece1263d235423343b Mon Sep 17 00:00:00 2001
From: zhanghongyu <zhanghongyu@xiaomi.com>
Date: Mon, 13 Apr 2026 14:36:14 +0800
Subject: [PATCH] net/icmpv6: fix wrong logical operator in recvmsg validation

Change && to || in the fromlen validation of icmpv6_recvmsg().
The original condition (fromlen == NULL && *fromlen < sizeof(...))
would never be true when fromlen is NULL due to short-circuit
evaluation. The correct logic is: reject if fromlen is NULL or
the buffer is too small.

Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>
---
 net/icmpv6/icmpv6_recvmsg.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/icmpv6/icmpv6_recvmsg.c b/net/icmpv6/icmpv6_recvmsg.c
index b62ed757676..c7651c22bf7 100644
--- a/net/icmpv6/icmpv6_recvmsg.c
+++ b/net/icmpv6/icmpv6_recvmsg.c
@@ -325,7 +325,7 @@ ssize_t icmpv6_recvmsg(FAR struct socket *psock, FAR struct msghdr *msg,
 
   if (from != NULL)
     {
-      if (fromlen == NULL && *fromlen < sizeof(struct sockaddr_in6))
+      if (fromlen == NULL || *fromlen < sizeof(struct sockaddr_in6))
         {
           return -EINVAL;
         }