authorLou Berger <lberger@labn.net>2016-02-04 21:29:49 -0500
committerPaul Jakma <paul.jakma@hpe.com>2016-03-08 17:53:22 +0000
commit370b7e59170acf853ca3357c71dd5ab0d85e763c (patch)
tree24cd286ecd47f6c6439e1c5971a1abbacb9e5c3a
parentbf83fa25f1bddec6f09ad879cba5e975a3ae5495 (diff)
downloadquagga-370b7e59170acf853ca3357c71dd5ab0d85e763c.tar.bz2
quagga-370b7e59170acf853ca3357c71dd5ab0d85e763c.tar.xz
bgpd: Fix crash reported by NetDEF CI
This patch is part of the previously submitted patch set on VPN and Encap SAFIs. It fixes an issue identified by NetDEF CI. Ensure temp stack structures are initialized. Add protection against double frees / post-free access to bgp_attr_flush. Signed-off-by: Lou Berger <lberger@labn.net>
-rw-r--r--bgpd/bgp_attr.c20
-rw-r--r--bgpd/bgp_route.c3
2 files changed, 19 insertions, 4 deletions
diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
index d74e0efc..f34e6493 100644
--- a/bgpd/bgp_attr.c
+++ b/bgpd/bgp_attr.c
@@ -833,9 +833,15 @@ void
bgp_attr_flush (struct attr *attr)
{
if (attr->aspath && ! attr->aspath->refcnt)
- aspath_free (attr->aspath);
+ {
+ aspath_free (attr->aspath);
+ attr->aspath = NULL;
+ }
if (attr->community && ! attr->community->refcnt)
- community_free (attr->community);
+ {
+ community_free (attr->community);
+ attr->community = NULL;
+ }
if (attr->extra)
{
struct attr_extra *attre = attr->extra;
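Review bot: Clearing `attr->aspath` and `attr->community` after the free (and `attre->cluster` / `attre->transit` in the next hunk) only protects later accesses made through this same `struct attr`; any copy of the struct taken by value before the flush still carries the freed pointer, and nothing in the visible lines documents that limit. I would add a header comment above `bgp_attr_flush`, e.g. `/* Free sub-attributes that are not interned (refcnt == 0) and clear the pointers, so flushing the same struct attr twice is a no-op; by-value copies are not covered. */`. The free-then-NULL pair is now written out four times, while `ecommunity_free` already takes the address of the pointer; whether it clears the field is not visible here, but a small static helper or the same pointer-to-pointer convention would keep these sites from drifting apart. The end of the function lies outside both hunks.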
@@ -843,9 +849,15 @@ bgp_attr_flush (struct attr *attr)
if (attre->ecommunity && ! attre->ecommunity->refcnt)
ecommunity_free (&attre->ecommunity);
if (attre->cluster && ! attre->cluster->refcnt)
- cluster_free (attre->cluster);
+ {
+ cluster_free (attre->cluster);
+ attre->cluster = NULL;
+ }
if (attre->transit && ! attre->transit->refcnt)
- transit_free (attre->transit);
+ {
+ transit_free (attre->transit);
+ attre->transit = NULL;
+ }
encap_free(attre->encap_subtlvs);
attre->encap_subtlvs = NULL;
}
diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c
index 2728b103..c364372f 100644
--- a/bgpd/bgp_route.c
+++ b/bgpd/bgp_route.c
@@ -2121,6 +2121,9 @@ bgp_update_main (struct peer *peer, struct prefix *p, struct attr *attr,
const char *reason;
char buf[SU_ADDRSTRLEN];
+ memset (&new_attr, 0, sizeof(struct attr));
+ memset (&new_extra, 0, sizeof(struct attr_extra));
+
bgp = peer->bgp;
rn = bgp_afi_node_get (bgp->rib[afi][safi], afi, safi, p, prd);
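Review bot: Both `memset` calls take the size from the type name (`sizeof(struct attr)`, `sizeof(struct attr_extra)`) instead of from the object, so they would clear the wrong number of bytes if the declarations of `new_attr` or `new_extra` (outside this hunk) ever change type. `memset (&new_attr, 0, sizeof new_attr);` and `memset (&new_extra, 0, sizeof new_extra);` tie the size to the variable. A short comment such as `/* zero the stack copies so bgp_attr_flush() never sees uninitialized pointers */` would record why the clearing is needed, which is presumably the CI crash the commit message refers to. The rest of bgp_update_main is outside the hunk.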