Commit 859cbd75 authored by Ondrej Zajicek's avatar Ondrej Zajicek
Browse files

Fixes a bug in (mainly) IPv6 BGP. 

Stack variable may be used unitialized and that would lead to spurious
rta_free(), which may cause crash. The bug was introduced in 1.4.1 from
merging add-path branch.

Thanks to Peter Andreev for reporting it and Alexander V. Chernikov for
resolving it.
parent 538fec7b

proto/bgp/packets.c

+2 −4
Original line number Diff line number Diff line
@@ -1082,7 +1082,7 @@ bgp_do_rx_update(struct bgp_conn *conn, 
{

  struct bgp_proto *p = conn->bgp;

  struct rte_src *src = p->p.main_source;

  rta *a0, *a;

  rta *a0, *a = NULL;

  ip_addr prefix;

  int pxlen, err = 0;

  u32 path_id = 0;
@@ -1115,7 +1115,6 @@ bgp_do_rx_update(struct bgp_conn *conn, 
  if (a0 && ! bgp_set_next_hop(p, a0))

    a0 = NULL;



  a = NULL;

  last_id = 0;

  src = p->p.main_source;
@@ -1187,7 +1186,7 @@ bgp_do_rx_update(struct bgp_conn *conn, 
  byte *start, *x;

  int len, len0;

  unsigned af, sub;

  rta *a0, *a;

  rta *a0, *a = NULL;

  ip_addr prefix;

  int pxlen, err = 0;

  u32 path_id = 0;
@@ -1234,7 +1233,6 @@ bgp_do_rx_update(struct bgp_conn *conn, 
      if (a0 && ! bgp_set_next_hop(p, a0))

	a0 = NULL;



      a = NULL;

      last_id = 0;

      src = p->p.main_source;

CRA Git | Maintained and supported by SUSTech CRA and CCSE