proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-08-10 01:37:31 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

eigrpd: Fix use after free

Browse Source 
Signed-off-by: Donald Sharp <sharpd@Cumulusnetworks.com>
This commit is contained in:
Donald Sharp 2017-06-10 15:53:27 -04:00
parent 6201488ab3
commit 4af0ab6d7d
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
eigrpd/eigrp_hello.c
View File

@ -122,7 +122,7 @@ eigrp_hello_timer (struct thread *thread)
* Note the addition of K6 for the new extended metrics, and does not apply to * Note the addition of K6 for the new extended metrics, and does not apply to
* older TLV packet formats. * older TLV packet formats.
*/ */
static void static struct eigrp_neighbor *
eigrp_hello_parameter_decode (struct eigrp_neighbor *nbr, eigrp_hello_parameter_decode (struct eigrp_neighbor *nbr,
struct eigrp_tlv_hdr_type *tlv) struct eigrp_tlv_hdr_type *tlv)
{ {
@ -172,6 +172,7 @@ eigrp_hello_parameter_decode (struct eigrp_neighbor *nbr,
zlog_info ("Neighbor %s (%s) is down: Interface PEER-TERMINATION received", zlog_info ("Neighbor %s (%s) is down: Interface PEER-TERMINATION received",
inet_ntoa (nbr->src),ifindex2ifname (nbr->ei->ifp->ifindex, VRF_DEFAULT)); inet_ntoa (nbr->src),ifindex2ifname (nbr->ei->ifp->ifindex, VRF_DEFAULT));
eigrp_nbr_delete (nbr); eigrp_nbr_delete (nbr);
return NULL;
} }
else else
{ {
@ -181,6 +182,8 @@ eigrp_hello_parameter_decode (struct eigrp_neighbor *nbr,
} }
} }
} }
return nbr;
} }
static u_char static u_char
@ -349,7 +352,9 @@ eigrp_hello_receive (struct eigrp *eigrp, struct ip *iph, struct eigrp_header *e
switch (type) switch (type)
{ {
case EIGRP_TLV_PARAMETER: case EIGRP_TLV_PARAMETER:
eigrp_hello_parameter_decode(nbr, tlv_header); nbr = eigrp_hello_parameter_decode(nbr, tlv_header);
if (!nbr)
return;
break; break;
case EIGRP_TLV_AUTH: case EIGRP_TLV_AUTH:
{ {