authorPaul Jakma <paul.jakma@sun.com>2006-10-16 01:50:16 +0200
committerPaul Jakma <paul.jakma@sun.com>2006-10-16 01:50:16 +0200
commited3ebfa36b45fe487015e1918e848f0ff4500bff (patch)
tree06e26892b62cc4f109e0d63718f3d7fa1c3bf54a /bgpd/bgp_packet.c
parent[bgpd] CID#73, potential crash in bgp statistics if called for AFI/SAFI with ... (diff)
[bgpd] Coverity CID #64: Needless NULL check, CID #64: Deref of potentially NULL pointer.
2006-10-15 Paul Jakma <paul.jakma@sun.com> * bgp_packet.c: (bgp_update_packet) adv->rn can not be NULL, check is bogus - changed to assert(), CID#64. binfo is checked for NULL, but then dereferenced unconditionally, fix, CID #63. (bgp_withdraw_packet) Assert adv->rn is valid, as with bgp_update_packet().
Diffstat (limited to '')
-rw-r--r--bgpd/bgp_packet.c15
1 files changed, 10 insertions, 5 deletions
diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
index cf6d00f1a..9859e50ba 100644
--- a/bgpd/bgp_packet.c
+++ b/bgpd/bgp_packet.c
@@ -158,14 +158,14 @@ bgp_update_packet (struct peer *peer, afi_t afi, safi_t safi)
while (adv)
{
- if (adv->rn)
- rn = adv->rn;
+ assert (adv->rn);
+ rn = adv->rn;
adj = adv->adj;
if (adv->binfo)
binfo = adv->binfo;
/* When remaining space can't include NLRI and it's length. */
- if (rn && STREAM_REMAIN (s) <= BGP_NLRI_LENGTH + PSIZE (rn->p.prefixlen))
+ if (STREAM_REMAIN (s) <= BGP_NLRI_LENGTH + PSIZE (rn->p.prefixlen))
break;
/* If packet is empty, set attribute. */
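Review bot: The new `assert (adv->rn);` enforces the invariant by aborting the whole daemon, and the `rn &&` guard on the `STREAM_REMAIN` check is removed at the same time, so nothing else protects `rn->p.prefixlen` if assertions are ever compiled out. If the invariant really cannot be broken, that is acceptable, but the reason belongs next to the assert, for example `/* adv->rn can never be NULL for a queued advertisement (Coverity CID #64) */`. It is also worth confirming that the project's assert stays active in release builds. The same applies to the `assert (adv->rn);` added in bgp_withdraw_packet. The loop body continues outside this hunk.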
@@ -173,11 +173,15 @@ bgp_update_packet (struct peer *peer, afi_t afi, safi_t safi)
{
struct prefix_rd *prd = NULL;
u_char *tag = NULL;
+ struct peer *from = NULL;
if (rn->prn)
prd = (struct prefix_rd *) &rn->prn->p;
if (binfo)
- tag = binfo->tag;
+ {
+ tag = binfo->tag;
+ from = binfo->peer;
+ }
bgp_packet_set_marker (s, BGP_MSG_UPDATE);
stream_putw (s, 0);
@@ -186,7 +190,7 @@ bgp_update_packet (struct peer *peer, afi_t afi, safi_t safi)
total_attr_len = bgp_packet_attribute (NULL, peer, s,
adv->baa->attr,
&rn->p, afi, safi,
- binfo->peer, prd, tag);
+ from, prd, tag);
stream_putw_at (s, pos, total_attr_len);
}
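Review bot: `from` is now passed to `bgp_packet_attribute` and stays NULL whenever `binfo` is NULL, so the callee must tolerate a NULL peer argument for this to be a fix rather than a relocation of the dereference. `bgp_packet_attribute` is not part of this diff, so please confirm that every use of that parameter inside it is guarded. Recording the contract at the declaration in the previous hunk would help, for example `struct peer *from = NULL; /* stays NULL when there is no binfo; bgp_packet_attribute must accept NULL */`. The enclosing block starts outside this hunk.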
@@ -288,6 +292,7 @@ bgp_withdraw_packet (struct peer *peer, afi_t afi, safi_t safi)
while ((adv = FIFO_HEAD (&peer->sync[afi][safi]->withdraw)) != NULL)
{
+ assert (adv->rn);
adj = adv->adj;
rn = adv->rn;