zebra: fix iptable install heap UAF

My previous patch to fix a memory leak, caused by not properly freeing
the iptable iface list on stream parse failure, created/exposed a heap
use-after-free because we were not doing a deep copy.

Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Quentin Young 2020-01-14 01:18:44 -05:00
parent 3b1c9f84c6
commit 592af4cc0a


@ -652,12 +652,22 @@ static void *pbr_iptable_alloc_intern(void *arg)
{
struct zebra_pbr_iptable *zpi;
struct zebra_pbr_iptable *new;
struct listnode *ln;
char *ifname;
zpi = (struct zebra_pbr_iptable *)arg;
new = XCALLOC(MTYPE_TMP, sizeof(struct zebra_pbr_iptable));
/* Deep structure copy */
memcpy(new, zpi, sizeof(*zpi));
new->interface_name_list = list_new();
if (zpi->interface_name_list) {
for (ALL_LIST_ELEMENTS_RO(zpi->interface_name_list, ln, ifname))
listnode_add(new->interface_name_list,
XSTRDUP(MTYPE_PBR_IPTABLE_IFNAME, ifname));
}
return new;
}
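Review bot: The `/* Deep structure copy */` comment sits on the `memcpy`, which is the shallow part of the copy; the deep copy is the `list_new()` plus per-name `XSTRDUP` loop that follows, and that loop is what stops the interned entry from aliasing the caller's list. I would reword it to `/* Shallow copy, then duplicate interface_name_list so the interned entry owns its list and names */`. The new list is created without a `del` callback in this hunk, so the names allocated with `MTYPE_PBR_IPTABLE_IFNAME` are released only if the iptable free path walks the list and frees each one itself; that path is outside the hunk and worth confirming, otherwise setting `new->interface_name_list->del` here would keep ownership in one place. Any other pointer members of `struct zebra_pbr_iptable` are still copied by address by the `memcpy`, which cannot be checked here because the struct definition is not visible.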