pimd: Fix leaked fd and prevent null pointer deref

When the pim_nexthop_lookup fails, close the opened fd as part of the failure condition. Additionally pim_nexthop_lookup assumes that we've actually already looked up a nexthop in the past. Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
2025-08-06 15:58:18 +00:00 · 2018-03-18 21:46:58 -04:00 · 2018-03-18 21:46:58 -04:00 · 993b143225
commit 993b143225
parent 149a38a313
1 changed files with 4 additions and 0 deletions
--- a/pimd/pim_igmp_mtrace.c
+++ b/pimd/pim_igmp_mtrace.c
@ -256,9 +256,11 @@ static int mtrace_un_forward_packet(struct pim_instance *pim, struct ip *ip_hdr,
 	pim_socket_ip_hdr(fd);

 	if (interface == NULL) {
+		memset(&nexthop, 0, sizeof(nexthop));
 		ret = pim_nexthop_lookup(pim, &nexthop, ip_hdr->ip_dst, 0);

 		if (ret != 0) {
+			close(fd);
 			if (PIM_DEBUG_MTRACE)
 				zlog_warn(
 					"Dropping mtrace packet, "
@ -434,6 +436,7 @@ static int mtrace_send_response(struct pim_instance *pim,
 		if (PIM_DEBUG_MTRACE)
 			zlog_debug("mtrace response to RP");
 	} else {
+		memset(&nexthop, 0, sizeof(nexthop));
 		/* TODO: should use unicast rib lookup */
 		ret = pim_nexthop_lookup(pim, &nexthop, mtracep->rsp_addr, 1);

@ -613,6 +616,7 @@ int igmp_mtrace_recv_qry_req(struct igmp_sock *igmp, struct ip *ip_hdr,

 	nh_addr.s_addr = 0;

+	memset(&nexthop, 0, sizeof(nexthop));
 	ret = pim_nexthop_lookup(pim, &nexthop, mtracep->src_addr, 1);

 	if (ret == 0) {