bgpd: Fix bgpd crash in evpn vni route-map

When evpn configured wiht route-map with vni which is not
configured. Upon receiving evpn routes (i.e Type-2, Type-3),
route-map match will be triggered. Since there is no l2vni
exists in db, some of the member fields in bgp_info (i.e.
dummy_info_extra) are passed uninitialized to evpn filter match cb.
This results in inaccessible memory causes crash.

Fix is to memset the bgp_info prior to passing to evpn filter cb.
In evpn vni filter cb, ensure to have NULL check for member filed
of the bgp_info.

memset bgp_info at few places where it is passed to route_match.

Ticket:CM-21335
Reviewed By:
Testing Done:

Configure route-map with not configured l2vni
Simulate to learn l2vpn type-2, 3 route

Restart frr.service with below config
address-family l2vpn evpn
  neighbor fear route-map EVPN_VNI out

route-map EVPN_VNI deny 10
 match evpn vni 140010

Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>

1 files changed, 3 insertions, 0 deletions

diff --git a/bgpd/bgp_routemap.c b/bgpd/bgp_routemap.c
index 8c92f7ff3..cbacd6b4f 100644
--- a/bgpd/bgp_routemap.c
+++ b/bgpd/bgp_routemap.c
@@ -676,6 +676,9 @@ static route_map_result_t route_match_vni(void *rule, struct prefix *prefix,
 		vni = *((vni_t *)rule);
 		bgp_info = (struct bgp_info *)object;
 
+		if (bgp_info->extra == NULL)
+			return RMAP_NOMATCH;
+
 		if (vni == label2vni(&bgp_info->extra->label[0]))
 			return RMAP_MATCH;
 	}