summaryrefslogtreecommitdiffstats
path: root/bgpd/bgp_routemap.c
diff options
context:
space:
mode:
authorChirag Shah <chirag@cumulusnetworks.com>2018-06-13 07:13:05 +0200
committerChirag Shah <chirag@cumulusnetworks.com>2018-06-13 19:14:24 +0200
commit80ced710574552fba7ddb51051606b14da3a1061 (patch)
treebcef336a842ce301905e7187d012c3005b2fdf35 /bgpd/bgp_routemap.c
parentMerge pull request #2424 from pacovn/Coverity_1399270_Dereference_after_null_... (diff)
downloadfrr-80ced710574552fba7ddb51051606b14da3a1061.tar.xz
frr-80ced710574552fba7ddb51051606b14da3a1061.zip
bgpd: Fix bgpd crash in evpn vni route-map
When evpn configured wiht route-map with vni which is not configured. Upon receiving evpn routes (i.e Type-2, Type-3), route-map match will be triggered. Since there is no l2vni exists in db, some of the member fields in bgp_info (i.e. dummy_info_extra) are passed uninitialized to evpn filter match cb. This results in inaccessible memory causes crash. Fix is to memset the bgp_info prior to passing to evpn filter cb. In evpn vni filter cb, ensure to have NULL check for member filed of the bgp_info. memset bgp_info at few places where it is passed to route_match. Ticket:CM-21335 Reviewed By: Testing Done: Configure route-map with not configured l2vni Simulate to learn l2vpn type-2, 3 route Restart frr.service with below config address-family l2vpn evpn neighbor fear route-map EVPN_VNI out route-map EVPN_VNI deny 10 match evpn vni 140010 Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
Diffstat (limited to '')
-rw-r--r--bgpd/bgp_routemap.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/bgpd/bgp_routemap.c b/bgpd/bgp_routemap.c
index 8c92f7ff3..cbacd6b4f 100644
--- a/bgpd/bgp_routemap.c
+++ b/bgpd/bgp_routemap.c
@@ -676,6 +676,9 @@ static route_map_result_t route_match_vni(void *rule, struct prefix *prefix,
vni = *((vni_t *)rule);
bgp_info = (struct bgp_info *)object;
+ if (bgp_info->extra == NULL)
+ return RMAP_NOMATCH;
+
if (vni == label2vni(&bgp_info->extra->label[0]))
return RMAP_MATCH;
}