diff options
| author | Pascal Mathis <mail@pascalmathis.com> | 2018-06-14 19:40:36 +0200 |
|---|---|---|
| committer | Pascal Mathis <mail@pascalmathis.com> | 2018-06-15 00:08:46 +0200 |
| commit | 1f2263be24b7b5be3fa0d889bd6605d2d3214501 (patch) | |
| tree | 793408ccc23b09e5ae1985382917f02eb7876b82 | |
| parent | Merge pull request #2426 from pacovn/Coverity_23089_Buffer_not_null_terminated (diff) | |
| download | frr-1f2263be24b7b5be3fa0d889bd6605d2d3214501.tar.xz frr-1f2263be24b7b5be3fa0d889bd6605d2d3214501.zip | |
bgpd: Fix crash when showing filtered routes
This commit fixes the issue mentioned in #2419, which is caused by a
double-free. The problem of the current implementation is that
*bgp_input_modifier* already frees the passed attributes under specific
circumstances, which can then lead to a double-free as *bgp_attr_undup*
does not check if the attributes are set to NULL.
As it is not transparent to the function caller if the attributes get
freed or not and the similar function *bgp_output_modifier* also does
not flush the passed attributes, the line has been removed altogether.
All callers of *bgp_input_modifier* already deal by themself with
freeing/flushing/unduping BGP attributes, so it is safe to remove.
Signed-off-by: Pascal Mathis <mail@pascalmathis.com>
| -rw-r--r-- | bgpd/bgp_route.c | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c index 0a15eb504..95e7def8f 100644 --- a/bgpd/bgp_route.c +++ b/bgpd/bgp_route.c @@ -1185,12 +1185,8 @@ static int bgp_input_modifier(struct peer *peer, struct prefix *p, peer->rmap_type = 0; - if (ret == RMAP_DENYMATCH) { - /* Free newly generated AS path and community by - * route-map. */ - bgp_attr_flush(attr); + if (ret == RMAP_DENYMATCH) return RMAP_DENY; - } } return RMAP_PERMIT; } |