authorLou Berger <lberger@labn.net>2016-02-05 03:29:49 +0100
committerDonald Sharp <sharpd@cumulusnetworks.com>2016-10-18 14:33:07 +0200
commitf9a3a26046d9e3cf702776370f5c90ac6d5e1ec9 (patch)
treee38b8ba727c99b425bed3ef709d9602e848df96f /bgpd
parentbgp: add bgp_isvalid_nexthop helper and additional NHT zebra checks (diff)
bgpd: Fix crash reported by NetDEF CI
This patch is part of the previously submitted patch set on VPN and Encap SAFIs. It fixes an issue identified by NetDEF CI.
Ensure temp stack structures are initialized.
Add protection against double frees / post free access to bgp_attr_flush.
Signed-off-by: Lou Berger <lberger@labn.net>
Diffstat (limited to 'bgpd')
-rw-r--r--bgpd/bgp_attr.c20
-rw-r--r--bgpd/bgp_route.c3
2 files changed, 19 insertions, 4 deletions
diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
index b1388d0c4..220acb3ea 100644
--- a/bgpd/bgp_attr.c
+++ b/bgpd/bgp_attr.c
@@ -962,9 +962,15 @@ void
bgp_attr_flush (struct attr *attr)
{
if (attr->aspath && ! attr->aspath->refcnt)
- aspath_free (attr->aspath);
+ {
+ aspath_free (attr->aspath);
+ attr->aspath = NULL;
+ }
if (attr->community && ! attr->community->refcnt)
- community_free (attr->community);
+ {
+ community_free (attr->community);
+ attr->community = NULL;
+ }
if (attr->extra)
{
struct attr_extra *attre = attr->extra;
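Review bot: The new `= NULL` assignments in bgp_attr_flush (here for `aspath`/`community`, and for `cluster`/`transit` in the following hunk) only stop a second flush through the same `struct attr`; a by-value copy of the struct made earlier would still hold the freed pointers, and the `! ...->refcnt` test on that copy would read freed memory. Whether such copies are flushed is not visible in this diff, so the contract is worth stating on the function, e.g. `/* Free members whose refcnt is 0 and clear the pointers; safe to call twice on the same struct attr, not on a copy of it. */`. The function body continues outside this hunk.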
@@ -972,9 +978,15 @@ bgp_attr_flush (struct attr *attr)
if (attre->ecommunity && ! attre->ecommunity->refcnt)
ecommunity_free (&attre->ecommunity);
if (attre->cluster && ! attre->cluster->refcnt)
- cluster_free (attre->cluster);
+ {
+ cluster_free (attre->cluster);
+ attre->cluster = NULL;
+ }
if (attre->transit && ! attre->transit->refcnt)
- transit_free (attre->transit);
+ {
+ transit_free (attre->transit);
+ attre->transit = NULL;
+ }
encap_free(attre->encap_subtlvs);
attre->encap_subtlvs = NULL;
#if ENABLE_BGP_VNC
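Review bot: `ecommunity_free (&attre->ecommunity);` is the one free in this function that gets no explicit NULL assignment after this change. It is passed the address of the pointer, so presumably the callee clears it, but that is not visible here; if it does not, the double-free guard has a gap at this member. A short comment on that line, such as `/* ecommunity_free() clears the caller's pointer */`, would show that the asymmetry with the new blocks is deliberate. The hunk ends at `#if ENABLE_BGP_VNC`, so the VNC cleanup that follows could not be checked.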
diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c
index 764bb6c43..afb37aeef 100644
--- a/bgpd/bgp_route.c
+++ b/bgpd/bgp_route.c
@@ -2359,6 +2359,9 @@ bgp_update (struct peer *peer, struct prefix *p, u_int32_t addpath_id,
int vnc_implicit_withdraw = 0;
#endif
+ memset (&new_attr, 0, sizeof(struct attr));
+ memset (&new_extra, 0, sizeof(struct attr_extra));
+
bgp = peer->bgp;
rn = bgp_afi_node_get (bgp->rib[afi][safi], afi, safi, p, prd);
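Review bot: The two memset calls size the clear by type name, `sizeof(struct attr)` and `sizeof(struct attr_extra)`, rather than by the object being cleared; `memset (&new_attr, 0, sizeof new_attr);` and `memset (&new_extra, 0, sizeof new_extra);` stay correct if either declaration changes. The declarations of new_attr and new_extra are above the hunk, so their types are inferred from the sizeof operands. Since bgp_update handles routes received from a peer, a one-line comment saying why the zeroing is needed (presumably an early exit path reaches bgp_attr_flush before new_attr is filled in) would keep the lines from later being removed as redundant.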