proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-08-06 10:54:47 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

ospf6d: fix use-after-free

Browse Source 
ospf6_route_remove may free the ospf6_route passed to it if the refcount
reaches zero, in which case zeroing the ->flag field constitutes a uaf

Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
This commit is contained in:
Quentin Young 2017-05-22 02:12:05 +00:00
parent f1deac618b
commit 8f599166fb
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ospf6d/ospf6_intra.c
View File

@ -1455,13 +1455,14 @@ ospf6_intra_route_calculation (struct ospf6_area *oa)
{
if (hook_add)
(*hook_add) (route);
route->flag = 0;
}
else
{
/* Redo the summaries as things might have changed */
ospf6_abr_originate_summary (route);
route->flag = 0;
}
route->flag = 0;
}
if (IS_OSPF6_DEBUG_EXAMIN (INTRA_PREFIX))