diff options
Diffstat (limited to 'main/quagga/0001-bgpd-fix-some-bgp_update_main-attribute-leaks.patch')
| -rw-r--r-- | main/quagga/0001-bgpd-fix-some-bgp_update_main-attribute-leaks.patch | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/main/quagga/0001-bgpd-fix-some-bgp_update_main-attribute-leaks.patch b/main/quagga/0001-bgpd-fix-some-bgp_update_main-attribute-leaks.patch new file mode 100644 index 0000000000..4269a880a2 --- /dev/null +++ b/main/quagga/0001-bgpd-fix-some-bgp_update_main-attribute-leaks.patch @@ -0,0 +1,70 @@ +From c460e5720c1101a6da53e5b753b736ac2c7981af Mon Sep 17 00:00:00 2001 +From: David Lamparter <equinox@opensourcerouting.org> +Date: Wed, 4 Jun 2014 00:54:58 +0200 +Subject: [PATCH] bgpd: fix some bgp_update_main() attribute leaks + +bgp_update_main() wasn't doing anything to release attribute values +set from route maps for two of its error paths. To fix, pull up the +appropriate cleanup from further down and apply it here. + +bgp_update_rsclient() doesn't have the issue since it immediately +does bgp_attr_intern() on the results from bgp_{export,import}_modifier. + +Signed-off-by: David Lamparter <equinox@opensourcerouting.org> +--- + bgpd/bgp_route.c | 15 +++++++++------ + 1 file changed, 9 insertions(+), 6 deletions(-) + +diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c +index f421ca5..ed8464d 100644 +--- a/bgpd/bgp_route.c ++++ b/bgpd/bgp_route.c +@@ -713,11 +713,8 @@ bgp_input_modifier (struct peer *peer, struct prefix *p, struct attr *attr, + peer->rmap_type = 0; + + if (ret == RMAP_DENYMATCH) +- { +- /* Free newly generated AS path and community by route-map. */ +- bgp_attr_flush (attr); +- return RMAP_DENY; +- } ++ /* caller has multiple error paths with bgp_attr_flush() */ ++ return RMAP_DENY; + } + return RMAP_PERMIT; + } +@@ -2143,10 +2140,14 @@ bgp_update_main (struct peer *peer, struct prefix *p, struct attr *attr, + new_attr.extra = &new_extra; + bgp_attr_dup (&new_attr, attr); + +- /* Apply incoming route-map. */ ++ /* Apply incoming route-map. ++ * NB: new_attr may now contain newly allocated values from route-map "set" ++ * commands, so we need bgp_attr_flush in the error paths, until we intern ++ * the attr (which takes over the memory references) */ + if (bgp_input_modifier (peer, p, &new_attr, afi, safi) == RMAP_DENY) + { + reason = "route-map;"; ++ bgp_attr_flush (&new_attr); + goto filtered; + } + +@@ -2160,6 +2161,7 @@ bgp_update_main (struct peer *peer, struct prefix *p, struct attr *attr, + && ! CHECK_FLAG (peer->flags, PEER_FLAG_DISABLE_CONNECTED_CHECK)) + { + reason = "non-connected next-hop;"; ++ bgp_attr_flush (&new_attr); + goto filtered; + } + +@@ -2170,6 +2172,7 @@ bgp_update_main (struct peer *peer, struct prefix *p, struct attr *attr, + || bgp_nexthop_self (&new_attr)) + { + reason = "martian next-hop;"; ++ bgp_attr_flush (&new_attr); + goto filtered; + } + } +-- +2.0.1 + |