ospfd: Fix bug in 94266fa822ba, nbr_self rebuild didn't add valid nbr_self

* 94266fa822ba "ospfd: Self nbrs needs to be rebuilt when router ID changes."
  deleted the nbr_self, and added it back, but ospf_nbr_add_self doesn't
  actually create the nbr_self - it assumes it's already there. Leading
  to use after free and crashes after a router-id change.
* ospfd/ospf_neighbor.{c,h}: (ospf_nbr_self_reset) Little helper to reset the
  nbr_self correctly.
* ospf_interface.c: (ospf_if_cleanup) moved code to ospf_nbr_self_reset
* ospfd.c: (ospf_router_id_update) Use ospf_nbr_self_reset instead of doing
  the reset badly, fixing 94266fa822ba.

4 files changed, 12 insertions, 5 deletions

diff --git a/ospfd/ospf_interface.c b/ospfd/ospf_interface.c
index 07c3fe35..af4f0a60 100644
--- a/ospfd/ospf_interface.c
+++ b/ospfd/ospf_interface.c
@@ -295,9 +295,7 @@ ospf_if_cleanup (struct ospf_interface *oi)
   ospf_ls_upd_queue_empty (oi);
   
   /* Reset pseudo neighbor. */
-  ospf_nbr_delete (oi->nbr_self);
-  oi->nbr_self = ospf_nbr_new (oi);
-  ospf_nbr_add_self (oi);
+  ospf_nbr_self_reset (oi);
 }
 
 void
diff --git a/ospfd/ospf_neighbor.c b/ospfd/ospf_neighbor.c
index 967ca15d..c3bdf992 100644
--- a/ospfd/ospf_neighbor.c
+++ b/ospfd/ospf_neighbor.c
@@ -202,6 +202,15 @@ ospf_nbr_bidirectional (struct in_addr *router_id,
   return 0;
 }
 
+/* reset nbr_self */
+void
+ospf_nbr_self_reset (struct ospf_interface *oi)
+{
+  ospf_nbr_delete (oi->nbr_self);
+  oi->nbr_self = ospf_nbr_new (oi);
+  ospf_nbr_add_self (oi);
+}
+
 /* Add self to nbr list. */
 void
 ospf_nbr_add_self (struct ospf_interface *oi)
diff --git a/ospfd/ospf_neighbor.h b/ospfd/ospf_neighbor.h
index 25f13524..822c2024 100644
--- a/ospfd/ospf_neighbor.h
+++ b/ospfd/ospf_neighbor.h
@@ -99,6 +99,7 @@ extern struct ospf_neighbor *ospf_nbr_new (struct ospf_interface *);
 extern void ospf_nbr_free (struct ospf_neighbor *);
 extern void ospf_nbr_delete (struct ospf_neighbor *);
 extern int ospf_nbr_bidirectional (struct in_addr *, struct in_addr *, int);
+extern void ospf_nbr_self_reset (struct ospf_interface *);
 extern void ospf_nbr_add_self (struct ospf_interface *);
 extern int ospf_nbr_count (struct ospf_interface *, int);
 #ifdef HAVE_OPAQUE_LSA
diff --git a/ospfd/ospfd.c b/ospfd/ospfd.c
index 019a22b7..1a549c3a 100644
--- a/ospfd/ospfd.c
+++ b/ospfd/ospfd.c
@@ -118,8 +118,7 @@ ospf_router_id_update (struct ospf *ospf)
 	   * oi->nbr_self->router_id = router_id for
 	   * !(virtual | ptop) links
 	   */
-	  ospf_nbr_delete(oi->nbr_self);
-	  ospf_nbr_add_self(oi);
+	  ospf_nbr_self_reset (oi);
 	}
 
       /* If AS-external-LSA is queued, then flush those LSAs. */