From 163a3f582f671b1ac4a0c21cb97da341c756ed2e Mon Sep 17 00:00:00 2001
From: David Lamparter
Date: Tue, 25 Jun 2024 14:37:27 +0200
Subject: [PATCH 1/2] pimd: fix misplaced braces/logic error

The `!rp_info ||` check got added during a cleanup pass. Unfortunately the braces/and/or combination is not correct :(

Fixes: b1945363fbf ("pimd: Various buffer overflow reads and crashes")
Signed-off-by: David Lamparter
---
 pimd/pim_rp.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pimd/pim_rp.c b/pimd/pim_rp.c
index b0fb8a509a..4703ff8a6a 100644
--- a/pimd/pim_rp.c
+++ b/pimd/pim_rp.c
@@ -1115,8 +1115,8 @@ int pim_rp_set_upstream_addr(struct pim_instance *pim, pim_addr *up,
 	rp_info = pim_rp_find_match_group(pim, &g);
-	if (!rp_info || ((pim_rpf_addr_is_inaddr_any(&rp_info->rp)) &&
-			 (pim_addr_is_any(source)))) {
+	if ((!rp_info || (pim_rpf_addr_is_inaddr_any(&rp_info->rp))) &&
+	    (pim_addr_is_any(source))) {
 		if (PIM_DEBUG_PIM_NHT_RP)
 			zlog_debug("%s: Received a (*,G) with no RP configured",
 				   __func__);

From 759e93302d8f3120ff101f047c30100430728617 Mon Sep 17 00:00:00 2001
From: David Lamparter
Date: Wed, 26 Jun 2024 16:13:50 +0200
Subject: [PATCH 2/2] pimd: refactor `pim_rp_set_upstream_addr`

Somehow this tiny function ended up being written in a very convoluted way that enabled the braces mixup in the previous commit. Rewrite it to be less confusing.

Signed-off-by: David Lamparter
---
 pimd/pim_rp.c | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)

diff --git a/pimd/pim_rp.c b/pimd/pim_rp.c
index 4703ff8a6a..49be9c0a73 100644
--- a/pimd/pim_rp.c
+++ b/pimd/pim_rp.c
@@ -1107,16 +1107,17 @@ int pim_rp_set_upstream_addr(struct pim_instance *pim, pim_addr *up,
 			     pim_addr source, pim_addr group)
 {
 	struct rp_info *rp_info;
-	struct prefix g;
+	struct prefix g = {};
-	memset(&g, 0, sizeof(g));
+	if (!pim_addr_is_any(source)) {
+		*up = source;
+		return 1;
+	}
 	pim_addr_to_prefix(&g, group);
-
 	rp_info = pim_rp_find_match_group(pim, &g);
-	if ((!rp_info || (pim_rpf_addr_is_inaddr_any(&rp_info->rp))) &&
-	    (pim_addr_is_any(source))) {
+	if (!rp_info || pim_rpf_addr_is_inaddr_any(&rp_info->rp)) {
 		if (PIM_DEBUG_PIM_NHT_RP)
 			zlog_debug("%s: Received a (*,G) with no RP configured",
 				   __func__);
@@ -1124,11 +1125,7 @@ int pim_rp_set_upstream_addr(struct pim_instance *pim, pim_addr *up,
 		return 0;
 	}
-	if (pim_addr_is_any(source))
-		*up = rp_info->rp.rpf_addr;
-	else
-		*up = source;
-
+	*up = rp_info->rp.rpf_addr;
 	return 1;
 }
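Review bot: The rewritten body now carries a contract that nothing documents: a non-any `source` is copied into `*up` and 1 is returned without the RP table being consulted at all, whereas a (*,G) whose group has no `rp_info` or whose RP address is still unset (`pim_rpf_addr_is_inaddr_any`) returns 0 and leaves `*up` unmodified, so callers must test the return value before reading `*up`. A short block comment above the function — its signature line lies outside this hunk — stating those two outcomes and the reasoning that an (S,G) never needs an RP would make the early return self-explanatory and keep a future cleanup pass from reintroducing the brace mixup the previous commit fixed. As a style point, `rp_info` can now be declared where it is assigned, `struct rp_info *rp_info = pim_rp_find_match_group(pim, &g);`, since the early return separates the two paths and the first declaration is otherwise left uninitialized. `struct prefix g = {}` uses the empty-initializer form (a GNU extension before C23), so `= { 0 }` would be the strict C11 spelling if the tree is ever built that way, though this may already be the project's convention.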