ospfd: Fix bug in 94266fa822ba, nbr_self rebuild didn't add valid nbr_self

* 94266fa822ba "ospfd: Self nbrs needs to be rebuilt when router ID changes." deleted the nbr_self, and added it back, but ospf_nbr_add_self doesn't actually create the nbr_self - it assumes it's already there. Leading to use after free and crashes after a router-id change. * ospfd/ospf_neighbor.{c,h}: (ospf_nbr_self_reset) Little helper to reset the nbr_self correctly. * ospf_interface.c: (ospf_if_cleanup) moved code to ospf_nbr_self_reset * ospfd.c: (ospf_router_id_update) Use ospf_nbr_self_reset instead of doing the reset badly, fixing 94266fa822ba. (cherry picked from commit c920e510d09c6c4ab63a3da5375009442a950f82)
author: Paul Jakma <paul@jakma.org> 2015-09-08 16:31:45 +0200
committer: Daniel Walton <dwalton@cumulusnetworks.com> 2016-05-26 17:33:31 +0200
commit: cdd0c84970dfa98e0232011eb7c7241805c9e4eb (patch)
tree: 33e7df5bbeb354f33b5e3a7e90a6f88b12a814eb /ospfd
parent: isisd: Add new adjacency to LSP neighbor list (diff)
download: frr-cdd0c84970dfa98e0232011eb7c7241805c9e4eb.tar.xz
frr-cdd0c84970dfa98e0232011eb7c7241805c9e4eb.zip
4 files changed, 12 insertions, 5 deletions
diff --git a/ospfd/ospf_interface.c b/ospfd/ospf_interface.c
index 628091963..5b6be1c8d 100644
--- a/ospfd/ospf_interface.c
+++ b/ospfd/ospf_interface.c
@@ -297,9 +297,7 @@ ospf_if_cleanup (struct ospf_interface *oi)
   ospf_ls_upd_queue_empty (oi);
   
   /* Reset pseudo neighbor. */
-  ospf_nbr_delete (oi->nbr_self);
-  oi->nbr_self = ospf_nbr_new (oi);
-  ospf_nbr_add_self (oi);
+  ospf_nbr_self_reset (oi);
 }
 
 void
diff --git a/ospfd/ospf_neighbor.c b/ospfd/ospf_neighbor.c
index afc74d2b0..83f91ad53 100644
--- a/ospfd/ospf_neighbor.c
+++ b/ospfd/ospf_neighbor.c
@@ -206,6 +206,15 @@ ospf_nbr_bidirectional (struct in_addr *router_id,
   return 0;
 }
 
+/* reset nbr_self */
+void
+ospf_nbr_self_reset (struct ospf_interface *oi)
+{
+  ospf_nbr_delete (oi->nbr_self);
+  oi->nbr_self = ospf_nbr_new (oi);
+  ospf_nbr_add_self (oi);
+}
+
 /* Add self to nbr list. */
 void
 ospf_nbr_add_self (struct ospf_interface *oi)
diff --git a/ospfd/ospf_neighbor.h b/ospfd/ospf_neighbor.h
index 7118dd021..81e212b57 100644
--- a/ospfd/ospf_neighbor.h
+++ b/ospfd/ospf_neighbor.h
@@ -102,6 +102,7 @@ extern struct ospf_neighbor *ospf_nbr_new (struct ospf_interface *);
 extern void ospf_nbr_free (struct ospf_neighbor *);
 extern void ospf_nbr_delete (struct ospf_neighbor *);
 extern int ospf_nbr_bidirectional (struct in_addr *, struct in_addr *, int);
+extern void ospf_nbr_self_reset (struct ospf_interface *);
 extern void ospf_nbr_add_self (struct ospf_interface *);
 extern int ospf_nbr_count (struct ospf_interface *, int);
 #ifdef HAVE_OPAQUE_LSA
diff --git a/ospfd/ospfd.c b/ospfd/ospfd.c
index 7af6ddc37..050cbad19 100644
--- a/ospfd/ospfd.c
+++ b/ospfd/ospfd.c
@@ -124,8 +124,7 @@ ospf_router_id_update (struct ospf *ospf)
 	   * oi->nbr_self->router_id = router_id for
 	   * !(virtual | ptop) links
 	   */
-	  ospf_nbr_delete(oi->nbr_self);
-	  ospf_nbr_add_self(oi);
+	  ospf_nbr_self_reset (oi);
 	}
 
       /* If AS-external-LSA is queued, then flush those LSAs. */
author	Paul Jakma <paul@jakma.org>	2015-09-08 16:31:45 +0200
committer	Daniel Walton <dwalton@cumulusnetworks.com>	2016-05-26 17:33:31 +0200
commit	cdd0c84970dfa98e0232011eb7c7241805c9e4eb (patch)
tree	33e7df5bbeb354f33b5e3a7e90a6f88b12a814eb /ospfd
parent	isisd: Add new adjacency to LSP neighbor list (diff)
download	frr-cdd0c84970dfa98e0232011eb7c7241805c9e4eb.tar.xz frr-cdd0c84970dfa98e0232011eb7c7241805c9e4eb.zip