author | Ondrej Zajicek <santiago@crfreenet.org> | 2014-04-14 12:50:03 +0200 |
---|---|---|
committer | Ondrej Zajicek <santiago@crfreenet.org> | 2014-04-14 12:50:03 +0200 |
commit | 859cbd75e12966b09985b2a992da5ffb250938f8 (patch) | |
tree | d4743480bf390f3d871a9e34e4719cfb95cd6e7d /proto/bgp | |
parent | 538fec7b1b7dd729eadf1c933e27f59080cd3576 (diff) |
Fixes a bug in (mainly) IPv6 BGP.
Stack variable may be used uninitialized and that would lead to spurious
rta_free(), which may cause crash. The bug was introduced in 1.4.1 from
merging add-path branch.
Thanks to Peter Andreev for reporting it and Alexander V. Chernikov for
resolving it.
Diffstat (limited to 'proto/bgp')
-rw-r--r-- | proto/bgp/packets.c | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/proto/bgp/packets.c b/proto/bgp/packets.c
index 808afaa9..b6239025 100644
--- a/proto/bgp/packets.c
+++ b/proto/bgp/packets.c
@@ -1082,7 +1082,7 @@ bgp_do_rx_update(struct bgp_conn *conn,
 {
 struct bgp_proto *p = conn->bgp;
 struct rte_src *src = p->p.main_source;
- rta *a0, *a;
+ rta *a0, *a = NULL;
 ip_addr prefix;
 int pxlen, err = 0;
 u32 path_id = 0;
@@ -1115,7 +1115,6 @@ bgp_do_rx_update(struct bgp_conn *conn,
 if (a0 && ! bgp_set_next_hop(p, a0)) a0 = NULL;
- a = NULL;
 last_id = 0;
 src = p->p.main_source;
@@ -1187,7 +1186,7 @@ bgp_do_rx_update(struct bgp_conn *conn,
 byte *start, *x;
 int len, len0;
 unsigned af, sub;
- rta *a0, *a;
+ rta *a0, *a = NULL;
 ip_addr prefix;
 int pxlen, err = 0;
 u32 path_id = 0;
@@ -1234,7 +1233,6 @@ bgp_do_rx_update(struct bgp_conn *conn,
 if (a0 && ! bgp_set_next_hop(p, a0)) a0 = NULL;
- a = NULL;
 last_id = 0;
 src = p->p.main_source; |
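Review bot: `a0` is still declared without an initializer on the very line this change fixes for `a` (`rta *a0, *a = NULL;`, in the first and third hunks). The hunks do not show where `a0` is first assigned, so if any exit taken before that assignment reaches code that reads `a0`, the same class of defect the commit message describes (a spurious rta_free() on stack garbage while handling a received UPDATE) could remain. Writing `rta *a0 = NULL, *a = NULL;` costs nothing and removes the question. A short comment on the declaration, for example `/* must be NULL before any early exit; the cleanup path may free it */`, would also keep a later refactor from moving the initialization back below the first exit. Both copies of bgp_do_rx_update start and end outside the hunks, so the exit paths themselves could not be checked here.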