diff options
author | Donald Sharp <sharpd@cumulusnetworks.com> | 2016-03-11 16:28:34 -0500 |
---|---|---|
committer | Donald Sharp <sharpd@cumulusnetworks.com> | 2016-03-11 18:29:14 -0500 |
commit | 5e57b5fc621300427d3818f0723b8cd8d5e5ca6a (patch) | |
tree | 738345e0c3121f329266e8b8faaa88661e7cdb2e | |
parent | e3f623be8b6556db9d70c2fc5d3c2b152f36dc1d (diff) | |
download | quagga-5e57b5fc621300427d3818f0723b8cd8d5e5ca6a.tar.bz2 quagga-5e57b5fc621300427d3818f0723b8cd8d5e5ca6a.tar.xz |
quagga: Remove double read of stream
The addition of a MIN(X,Y) with a stream_getc in the Y
causes a double read of the stream due to the way that
MIN is defined.
This fix removes a crash in all protocols.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
-rw-r--r-- | bgpd/bgp_zebra.c | 8 | ||||
-rw-r--r-- | isisd/isis_zebra.c | 4 | ||||
-rw-r--r-- | ospf6d/ospf6_zebra.c | 4 | ||||
-rw-r--r-- | ospfd/ospf_zebra.c | 4 | ||||
-rw-r--r-- | ripd/rip_zebra.c | 6 | ||||
-rw-r--r-- | ripngd/ripng_zebra.c | 4 |
6 files changed, 22 insertions, 8 deletions
diff --git a/bgpd/bgp_zebra.c b/bgpd/bgp_zebra.c index bee1a947..d0b9216a 100644 --- a/bgpd/bgp_zebra.c +++ b/bgpd/bgp_zebra.c @@ -238,6 +238,7 @@ zebra_read_ipv4 (int command, struct zclient *zclient, zebra_size_t length, struct zapi_ipv4 api; struct in_addr nexthop; struct prefix_ipv4 p; + unsigned char plength = 0; s = zclient->ibuf; nexthop.s_addr = 0; @@ -250,7 +251,8 @@ zebra_read_ipv4 (int command, struct zclient *zclient, zebra_size_t length, /* IPv4 prefix. */ memset (&p, 0, sizeof (struct prefix_ipv4)); p.family = AF_INET; - p.prefixlen = MIN(IPV4_MAX_PREFIXLEN, stream_getc (s)); + plength = stream_getc (s); + p.prefixlen = MIN(IPV4_MAX_PREFIXLEN, plength); stream_get (&p.prefix, s, PSIZE (p.prefixlen)); /* Nexthop, ifindex, distance, metric. */ @@ -314,6 +316,7 @@ zebra_read_ipv6 (int command, struct zclient *zclient, zebra_size_t length, struct zapi_ipv6 api; struct in6_addr nexthop; struct prefix_ipv6 p; + unsigned char plength = 0; s = zclient->ibuf; memset (&nexthop, 0, sizeof (struct in6_addr)); @@ -326,7 +329,8 @@ zebra_read_ipv6 (int command, struct zclient *zclient, zebra_size_t length, /* IPv6 prefix. */ memset (&p, 0, sizeof (struct prefix_ipv6)); p.family = AF_INET6; - p.prefixlen = MIN(IPV6_MAX_PREFIXLEN, stream_getc (s)); + plength = stream_getc (s); + p.prefixlen = MIN(IPV6_MAX_PREFIXLEN, plength); stream_get (&p.prefix, s, PSIZE (p.prefixlen)); /* Nexthop, ifindex, distance, metric. */ diff --git a/isisd/isis_zebra.c b/isisd/isis_zebra.c index a1a5bea7..4acaf8e8 100644 --- a/isisd/isis_zebra.c +++ b/isisd/isis_zebra.c @@ -529,6 +529,7 @@ isis_zebra_read_ipv4 (int command, struct zclient *zclient, struct prefix *p_generic = (struct prefix*)&p; unsigned long ifindex __attribute__ ((unused)); struct in_addr nexthop __attribute__ ((unused)); + unsigned char plength = 0; stream = zclient->ibuf; memset(&api, 0, sizeof(api)); @@ -541,7 +542,8 @@ isis_zebra_read_ipv4 (int command, struct zclient *zclient, api.message = stream_getc (stream); p.family = AF_INET; - p.prefixlen = MIN(IPV4_MAX_PREFIXLEN, stream_getc (stream)); + plength = stream_getc (stream); + p.prefixlen = MIN(IPV4_MAX_PREFIXLEN, plength); stream_get (&p.prefix, stream, PSIZE (p.prefixlen)); if (CHECK_FLAG (api.message, ZAPI_MESSAGE_NEXTHOP)) diff --git a/ospf6d/ospf6_zebra.c b/ospf6d/ospf6_zebra.c index 0caf0014..c8f20d86 100644 --- a/ospf6d/ospf6_zebra.c +++ b/ospf6d/ospf6_zebra.c @@ -213,6 +213,7 @@ ospf6_zebra_read_ipv6 (int command, struct zclient *zclient, unsigned long ifindex; struct prefix_ipv6 p; struct in6_addr *nexthop; + unsigned char plength = 0; s = zclient->ibuf; ifindex = 0; @@ -227,7 +228,8 @@ ospf6_zebra_read_ipv6 (int command, struct zclient *zclient, /* IPv6 prefix. */ memset (&p, 0, sizeof (struct prefix_ipv6)); p.family = AF_INET6; - p.prefixlen = MIN(IPV6_MAX_PREFIXLEN, stream_getc (s)); + plength = stream_getc (s); + p.prefixlen = MIN(IPV6_MAX_PREFIXLEN, plength); stream_get (&p.prefix, s, PSIZE (p.prefixlen)); /* Nexthop, ifindex, distance, metric. */ diff --git a/ospfd/ospf_zebra.c b/ospfd/ospf_zebra.c index 4531f13d..89404552 100644 --- a/ospfd/ospf_zebra.c +++ b/ospfd/ospf_zebra.c @@ -832,6 +832,7 @@ ospf_zebra_read_ipv4 (int command, struct zclient *zclient, struct prefix_ipv4 p; struct external_info *ei; struct ospf *ospf; + unsigned char plength = 0; s = zclient->ibuf; ifindex = 0; @@ -845,7 +846,8 @@ ospf_zebra_read_ipv4 (int command, struct zclient *zclient, /* IPv4 prefix. */ memset (&p, 0, sizeof (struct prefix_ipv4)); p.family = AF_INET; - p.prefixlen = MIN(IPV4_MAX_PREFIXLEN, stream_getc (s)); + plength = stream_getc (s); + p.prefixlen = MIN(IPV4_MAX_PREFIXLEN, plength); stream_get (&p.prefix, s, PSIZE (p.prefixlen)); if (IPV4_NET127(ntohl(p.prefix.s_addr))) diff --git a/ripd/rip_zebra.c b/ripd/rip_zebra.c index 1411cd71..2670ff7e 100644 --- a/ripd/rip_zebra.c +++ b/ripd/rip_zebra.c @@ -135,7 +135,8 @@ rip_zebra_read_ipv4 (int command, struct zclient *zclient, zebra_size_t length, unsigned long ifindex; struct in_addr nexthop; struct prefix_ipv4 p; - + unsigned char plength = 0; + s = zclient->ibuf; ifindex = 0; nexthop.s_addr = 0; @@ -148,7 +149,8 @@ rip_zebra_read_ipv4 (int command, struct zclient *zclient, zebra_size_t length, /* IPv4 prefix. */ memset (&p, 0, sizeof (struct prefix_ipv4)); p.family = AF_INET; - p.prefixlen = MIN(IPV4_MAX_PREFIXLEN, stream_getc (s)); + plength = stream_getc (s); + p.prefixlen = MIN(IPV4_MAX_PREFIXLEN, plength); stream_get (&p.prefix, s, PSIZE (p.prefixlen)); /* Nexthop, ifindex, distance, metric. */ diff --git a/ripngd/ripng_zebra.c b/ripngd/ripng_zebra.c index e02b0989..72216164 100644 --- a/ripngd/ripng_zebra.c +++ b/ripngd/ripng_zebra.c @@ -134,6 +134,7 @@ ripng_zebra_read_ipv6 (int command, struct zclient *zclient, unsigned long ifindex; struct in6_addr nexthop; struct prefix_ipv6 p; + unsigned char plength = 0; s = zclient->ibuf; ifindex = 0; @@ -147,7 +148,8 @@ ripng_zebra_read_ipv6 (int command, struct zclient *zclient, /* IPv6 prefix. */ memset (&p, 0, sizeof (struct prefix_ipv6)); p.family = AF_INET6; - p.prefixlen = MIN(IPV6_MAX_PREFIXLEN, stream_getc (s)); + plength = stream_getc (s); + p.prefixlen = MIN(IPV6_MAX_PREFIXLEN, plength); stream_get (&p.prefix, s, PSIZE (p.prefixlen)); /* Nexthop, ifindex, distance, metric. */ |