pimd: Fix leaked fd and prevent null pointer deref

When the pim_nexthop_lookup fails, close the opened fd
as part of the failure condition.

Additionally pim_nexthop_lookup assumes that we've
actually already looked up a nexthop in the past.

Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
This commit is contained in:
Donald Sharp 2018-03-18 21:46:58 -04:00
parent 149a38a313
commit 993b143225

View File

@ -256,9 +256,11 @@ static int mtrace_un_forward_packet(struct pim_instance *pim, struct ip *ip_hdr,
pim_socket_ip_hdr(fd);
if (interface == NULL) {
memset(&nexthop, 0, sizeof(nexthop));
ret = pim_nexthop_lookup(pim, &nexthop, ip_hdr->ip_dst, 0);
if (ret != 0) {
close(fd);
if (PIM_DEBUG_MTRACE)
zlog_warn(
"Dropping mtrace packet, "
@ -434,6 +436,7 @@ static int mtrace_send_response(struct pim_instance *pim,
if (PIM_DEBUG_MTRACE)
zlog_debug("mtrace response to RP");
} else {
memset(&nexthop, 0, sizeof(nexthop));
/* TODO: should use unicast rib lookup */
ret = pim_nexthop_lookup(pim, &nexthop, mtracep->rsp_addr, 1);
@ -613,6 +616,7 @@ int igmp_mtrace_recv_qry_req(struct igmp_sock *igmp, struct ip *ip_hdr,
nh_addr.s_addr = 0;
memset(&nexthop, 0, sizeof(nexthop));
ret = pim_nexthop_lookup(pim, &nexthop, mtracep->src_addr, 1);
if (ret == 0) {