diff options
author | Paul Jakma <paul.jakma@sun.com> | 2006-10-16 01:50:16 +0200 |
---|---|---|
committer | Paul Jakma <paul.jakma@sun.com> | 2006-10-16 01:50:16 +0200 |
commit | ed3ebfa36b45fe487015e1918e848f0ff4500bff (patch) | |
tree | 06e26892b62cc4f109e0d63718f3d7fa1c3bf54a /bgpd/bgp_packet.c | |
parent | [bgpd] CID#73, potential crash in bgp statistics if called for AFI/SAFI with ... (diff) | |
download | frr-ed3ebfa36b45fe487015e1918e848f0ff4500bff.tar.xz frr-ed3ebfa36b45fe487015e1918e848f0ff4500bff.zip |
[bgpd] Coverity CID #64: Needless NULL check, CID #64: Deref of potentially NULL pointer.
2006-10-15 Paul Jakma <paul.jakma@sun.com>
* bgp_packet.c: (bgp_update_packet) adv->rn can not be NULL,
check is bogus - changed to assert(), CID#64.
binfo is checked for NULL, but then dereferenced
unconditionally, fix, CID #63.
(bgp_withdraw_packet) Assert adv->rn is valid, as with
bgp_update_packet().
Diffstat (limited to '')
-rw-r--r-- | bgpd/bgp_packet.c | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c index cf6d00f1a..9859e50ba 100644 --- a/bgpd/bgp_packet.c +++ b/bgpd/bgp_packet.c @@ -158,14 +158,14 @@ bgp_update_packet (struct peer *peer, afi_t afi, safi_t safi) while (adv) { - if (adv->rn) - rn = adv->rn; + assert (adv->rn); + rn = adv->rn; adj = adv->adj; if (adv->binfo) binfo = adv->binfo; /* When remaining space can't include NLRI and it's length. */ - if (rn && STREAM_REMAIN (s) <= BGP_NLRI_LENGTH + PSIZE (rn->p.prefixlen)) + if (STREAM_REMAIN (s) <= BGP_NLRI_LENGTH + PSIZE (rn->p.prefixlen)) break; /* If packet is empty, set attribute. */ @@ -173,11 +173,15 @@ bgp_update_packet (struct peer *peer, afi_t afi, safi_t safi) { struct prefix_rd *prd = NULL; u_char *tag = NULL; + struct peer *from = NULL; if (rn->prn) prd = (struct prefix_rd *) &rn->prn->p; if (binfo) - tag = binfo->tag; + { + tag = binfo->tag; + from = binfo->peer; + } bgp_packet_set_marker (s, BGP_MSG_UPDATE); stream_putw (s, 0); @@ -186,7 +190,7 @@ bgp_update_packet (struct peer *peer, afi_t afi, safi_t safi) total_attr_len = bgp_packet_attribute (NULL, peer, s, adv->baa->attr, &rn->p, afi, safi, - binfo->peer, prd, tag); + from, prd, tag); stream_putw_at (s, pos, total_attr_len); } @@ -288,6 +292,7 @@ bgp_withdraw_packet (struct peer *peer, afi_t afi, safi_t safi) while ((adv = FIFO_HEAD (&peer->sync[afi][safi]->withdraw)) != NULL) { + assert (adv->rn); adj = adv->adj; rn = adv->rn; |