summaryrefslogtreecommitdiffstats
path: root/isisd/isis_zebra.c
diff options
context:
space:
mode:
authorRenato Westphal <renato@opensourcerouting.org>2017-09-21 14:49:31 +0200
committerRenato Westphal <renato@opensourcerouting.org>2017-09-21 16:21:09 +0200
commita74e593b3545374a9021f8264152dba42e08323a (patch)
treef4e3c701b0bbf97aa03d4cfc3bee2baddb639bad /isisd/isis_zebra.c
parentMerge pull request #1212 from mkanjari/init-fix (diff)
downloadfrr-a74e593b3545374a9021f8264152dba42e08323a.tar.xz
frr-a74e593b3545374a9021f8264152dba42e08323a.zip
*: fix segfault when sending more than MULTIPATH_NUM nexthops
This is a fallout from PR #1022 (zapi consolidation). In the early days, the client daemons would allocate enough memory to send all nexthops to zebra. Then zebra would add all nexthops to the RIB and respect MULTIPATH_NUM only when installing the routes in the kernel. Now things are different and the client daemons can send at most MULTIPATH_NUM nexthops to zebra, and failure to respect that will result in a buffer overflow. The MULTIPATH_NUM limit in the new zebra API is a small price we pay to avoid allocating memory for each route sent to zebra. Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Diffstat (limited to 'isisd/isis_zebra.c')
-rw-r--r--isisd/isis_zebra.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/isisd/isis_zebra.c b/isisd/isis_zebra.c
index 99eb698b7..bc8131409 100644
--- a/isisd/isis_zebra.c
+++ b/isisd/isis_zebra.c
@@ -277,6 +277,8 @@ static void isis_zebra_route_add_route(struct prefix *prefix,
case AF_INET:
for (ALL_LIST_ELEMENTS_RO(route_info->nexthops, node,
nexthop)) {
+ if (count >= MULTIPATH_NUM)
+ break;
api_nh = &api.nexthops[count];
/* FIXME: can it be ? */
if (nexthop->ip.s_addr != INADDR_ANY) {
@@ -292,6 +294,8 @@ static void isis_zebra_route_add_route(struct prefix *prefix,
case AF_INET6:
for (ALL_LIST_ELEMENTS_RO(route_info->nexthops6, node,
nexthop6)) {
+ if (count >= MULTIPATH_NUM)
+ break;
if (!IN6_IS_ADDR_LINKLOCAL(&nexthop6->ip6)
&& !IN6_IS_ADDR_UNSPECIFIED(&nexthop6->ip6)) {
continue;