diff options
author | Lou Berger <lberger@labn.net> | 2016-02-04 21:29:49 -0500 |
---|---|---|
committer | Paul Jakma <paul.jakma@hpe.com> | 2016-03-08 17:53:22 +0000 |
commit | 370b7e59170acf853ca3357c71dd5ab0d85e763c (patch) | |
tree | 24cd286ecd47f6c6439e1c5971a1abbacb9e5c3a | |
parent | bf83fa25f1bddec6f09ad879cba5e975a3ae5495 (diff) | |
download | quagga-370b7e59170acf853ca3357c71dd5ab0d85e763c.tar.bz2 quagga-370b7e59170acf853ca3357c71dd5ab0d85e763c.tar.xz |
bgpd: Fix crash reported by NetDEF CI
This patch is part of the previously submitted
patch set on VPN and Encap SAFIs. It fixes
an issue identified by NetDEF CI.
Ensure temp stack structures are initialized
Add protection against double frees / post
free access to bgp_attr_flush
Signed-off-by: Lou Berger <lberger@labn.net>
-rw-r--r-- | bgpd/bgp_attr.c | 20 | ||||
-rw-r--r-- | bgpd/bgp_route.c | 3 |
2 files changed, 19 insertions, 4 deletions
diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c index d74e0efc..f34e6493 100644 --- a/bgpd/bgp_attr.c +++ b/bgpd/bgp_attr.c @@ -833,9 +833,15 @@ void bgp_attr_flush (struct attr *attr) { if (attr->aspath && ! attr->aspath->refcnt) - aspath_free (attr->aspath); + { + aspath_free (attr->aspath); + attr->aspath = NULL; + } if (attr->community && ! attr->community->refcnt) - community_free (attr->community); + { + community_free (attr->community); + attr->community = NULL; + } if (attr->extra) { struct attr_extra *attre = attr->extra; @@ -843,9 +849,15 @@ bgp_attr_flush (struct attr *attr) if (attre->ecommunity && ! attre->ecommunity->refcnt) ecommunity_free (&attre->ecommunity); if (attre->cluster && ! attre->cluster->refcnt) - cluster_free (attre->cluster); + { + cluster_free (attre->cluster); + attre->cluster = NULL; + } if (attre->transit && ! attre->transit->refcnt) - transit_free (attre->transit); + { + transit_free (attre->transit); + attre->transit = NULL; + } encap_free(attre->encap_subtlvs); attre->encap_subtlvs = NULL; } diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c index 2728b103..c364372f 100644 --- a/bgpd/bgp_route.c +++ b/bgpd/bgp_route.c @@ -2121,6 +2121,9 @@ bgp_update_main (struct peer *peer, struct prefix *p, struct attr *attr, const char *reason; char buf[SU_ADDRSTRLEN]; + memset (&new_attr, 0, sizeof(struct attr)); + memset (&new_extra, 0, sizeof(struct attr_extra)); + bgp = peer->bgp; rn = bgp_afi_node_get (bgp->rib[afi][safi], afi, safi, p, prd); |