From e98dce60cea213a4155a0db60b463e40c67aa77f Mon Sep 17 00:00:00 2001
From: Donald Sharp
Date: Wed, 20 Jan 2016 07:53:51 -0500
Subject: bgpd: Fix Null pointer dereference in bgp_info_mpath_update
bgp_info_mpath_update is called with new_best == NULL, this causes the dereference of new_best in order to get at the mpath_cfg.
Signed-off-by: Donald Sharp
---
 bgpd/bgp_mpath.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'bgpd')
diff --git a/bgpd/bgp_mpath.c b/bgpd/bgp_mpath.c
index 73b93ceb..8e78aafe 100644
--- a/bgpd/bgp_mpath.c
+++ b/bgpd/bgp_mpath.c
@@ -428,6 +428,7 @@ bgp_info_mpath_update (struct bgp_node *rn, struct bgp_info *new_best,
 struct bgp_info *cur_mpath, *new_mpath, *next_mpath, *prev_mpath;
 int mpath_changed, debug;
 char pfx_buf[INET_ADDRSTRLEN], nh_buf[2][INET_ADDRSTRLEN];
+ struct bgp_maxpaths_cfg *mpath_cfg = NULL;
 mpath_changed = 0;
 maxpaths = BGP_DEFAULT_MAXPATHS;
@@ -436,16 +437,15 @@ bgp_info_mpath_update (struct bgp_node *rn, struct bgp_info *new_best,
 old_mpath_count = 0;
 prev_mpath = new_best;
 mp_node = listhead (mp_list);
- struct bgp_maxpaths_cfg *mpath_cfg;
- debug = BGP_DEBUG (events, EVENTS);
- mpath_cfg = &new_best->peer->bgp->maxpaths[afi][safi];
+ debug = BGP_DEBUG (events, EVENTS);
 if (debug)
 prefix2str (&rn->p, pfx_buf, sizeof (pfx_buf));
 if (new_best)
 {
+ mpath_cfg = &new_best->peer->bgp->maxpaths[afi][safi];
 mpath_count++;
 if (new_best != old_best)
 bgp_info_mpath_dequeue (new_best);
--
cgit v1.2.3
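Review bot: `mpath_cfg` now stays NULL whenever `new_best` is NULL, so every later read of it has to sit inside the `if (new_best)` block, and that cannot be confirmed here because the second hunk ends three lines into that block and the rest of bgp_info_mpath_update is outside the view. The context line `prev_mpath = new_best;` has the same property: on the NULL path prev_mpath is NULL too, so any later use of it needs the same guard. I would document the invariant at the declaration added in the first hunk, for example `/* NULL when there is no new best path; valid only inside if (new_best) */`. If a use outside the guard does remain, it should test the pointer there, since a NULL dereference in bgpd would presumably crash the daemon rather than fail one update.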