proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-08-05 15:10:38 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

ldpd: fix heap-use-after-free at exit

Browse Source 
This problems happens because, in this port, whenever the child
processes want to log something they send a message to the parent. But
in the shutdown functions the first thing we do is to close the pipes
to the parent process. With that said, add some protections to prevent
the child processes from trying to use a closed pipe and just ignore
their log messages during shutdown. In the future we need to share
the logging configuration with the child processes so they can send
log messages on their own.

While here, remove some unnecessary calls to msgbuf_write() in
ldpe_shutdown().

Fixes #1253.

Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
This commit is contained in:
Renato Westphal 2017-10-10 09:22:41 -03:00
parent e56ab0e971
commit 50732983b9
2 changed files with 18 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
ldpd/lde.c
View File

@ -185,11 +185,14 @@ lde_shutdown(void)
if (iev_ldpe) {
msgbuf_clear(&iev_ldpe->ibuf.w);
close(iev_ldpe->ibuf.fd);
iev_ldpe->ibuf.fd = -1;
}
msgbuf_clear(&iev_main->ibuf.w);
close(iev_main->ibuf.fd);
iev_main->ibuf.fd = -1;
msgbuf_clear(&iev_main_sync->ibuf.w);
close(iev_main_sync->ibuf.fd);
iev_main_sync->ibuf.fd = -1;
lde_gc_stop_timer();
lde_nbr_clear();
@ -210,12 +213,16 @@ lde_shutdown(void)
int
lde_imsg_compose_parent(int type, pid_t pid, void *data, uint16_t datalen)
{
if (iev_main->ibuf.fd == -1)
return (0);
return (imsg_compose_event(iev_main, type, 0, pid, -1, data, datalen));
}
void
lde_imsg_compose_parent_sync(int type, pid_t pid, void *data, uint16_t datalen)
{
if (iev_main_sync->ibuf.fd == -1)
return;
imsg_compose_event(iev_main_sync, type, 0, pid, -1, data, datalen);
imsg_flush(&iev_main_sync->ibuf);
}
@ -224,6 +231,8 @@ int
lde_imsg_compose_ldpe(int type, uint32_t peerid, pid_t pid, void *data,
uint16_t datalen)
{
if (iev_ldpe->ibuf.fd == -1)
return (0);
return (imsg_compose_event(iev_ldpe, type, peerid, pid,
-1, data, datalen));
}

11
ldpd/ldpe.c
View File

@ -190,15 +190,16 @@ ldpe_shutdown(void)
/* close pipes */
if (iev_lde) {
msgbuf_write(&iev_lde->ibuf.w);
msgbuf_clear(&iev_lde->ibuf.w);
close(iev_lde->ibuf.fd);
iev_lde->ibuf.fd = -1;
}
msgbuf_write(&iev_main->ibuf.w);
msgbuf_clear(&iev_main->ibuf.w);
close(iev_main->ibuf.fd);
iev_main->ibuf.fd = -1;
msgbuf_clear(&iev_main_sync->ibuf.w);
close(iev_main_sync->ibuf.fd);
iev_main_sync->ibuf.fd = -1;
control_cleanup(ctl_sock_path);
config_clear(leconf);
@ -236,12 +237,16 @@ ldpe_shutdown(void)
int
ldpe_imsg_compose_parent(int type, pid_t pid, void *data, uint16_t datalen)
{
if (iev_main->ibuf.fd == -1)
return (0);
return (imsg_compose_event(iev_main, type, 0, pid, -1, data, datalen));
}
void
ldpe_imsg_compose_parent_sync(int type, pid_t pid, void *data, uint16_t datalen)
{
if (iev_main_sync->ibuf.fd == -1)
return;
imsg_compose_event(iev_main_sync, type, 0, pid, -1, data, datalen);
imsg_flush(&iev_main_sync->ibuf);
}
@ -250,6 +255,8 @@ int
ldpe_imsg_compose_lde(int type, uint32_t peerid, pid_t pid, void *data,
uint16_t datalen)
{
if (iev_lde->ibuf.fd == -1)
return (0);
return (imsg_compose_event(iev_lde, type, peerid, pid, -1,
data, datalen));
}