proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-08-14 02:53:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

BGPD: Cores when cleared with doppelganger.

Browse Source 
RCA: When doppelganger still around and clear bgp is issued
there are chances of peer getting deleted and next pointer
is a  freed peer pointer.

Fix: Pass address of nnode to get next safe peer pointer.

Signed-off-by: Santosh P K <sapk@vmware.com>
This commit is contained in:
Santosh P K 2020-03-03 06:27:30 -08:00
parent e66addb385
commit c368171c04
1 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
bgpd/bgp_vty.c
View File

@ -753,7 +753,7 @@ static void bgp_clear_vty_error(struct vty *vty, struct peer *peer, afi_t afi,
}
static int bgp_peer_clear(struct peer *peer, afi_t afi, safi_t safi,
struct listnode *nnode, enum bgp_clear_type stype)
struct listnode **nnode, enum bgp_clear_type stype)
{
int ret = 0;
@ -767,7 +767,7 @@ static int bgp_peer_clear(struct peer *peer, afi_t afi, safi_t safi,
continue;
if (stype == BGP_CLEAR_SOFT_NONE)
ret = peer_clear(peer, &nnode);
ret = peer_clear(peer, nnode);
else
ret = peer_clear_soft(peer, tmp_afi, tmp_safi,
stype);
@ -782,7 +782,7 @@ static int bgp_peer_clear(struct peer *peer, afi_t afi, safi_t safi,
continue;
if (stype == BGP_CLEAR_SOFT_NONE)
ret = peer_clear(peer, &nnode);
ret = peer_clear(peer, nnode);
else
ret = peer_clear_soft(peer, afi,
tmp_safi, stype);
@ -793,7 +793,7 @@ static int bgp_peer_clear(struct peer *peer, afi_t afi, safi_t safi,
return 1;
if (stype == BGP_CLEAR_SOFT_NONE)
ret = peer_clear(peer, &nnode);
ret = peer_clear(peer, nnode);
else
ret = peer_clear_soft(peer, afi, safi, stype);
}
@ -826,7 +826,7 @@ static int bgp_clear(struct vty *vty, struct bgp *bgp, afi_t afi, safi_t safi,
if (CHECK_FLAG(peer->flags, PEER_FLAG_GRACEFUL_RESTART))
gr_router_detected = true;
ret = bgp_peer_clear(peer, afi, safi, nnode,
ret = bgp_peer_clear(peer, afi, safi, &nnode,
stype);
if (ret < 0)
@ -901,7 +901,7 @@ static int bgp_clear(struct vty *vty, struct bgp *bgp, afi_t afi, safi_t safi,
}
for (ALL_LIST_ELEMENTS(group->peer, node, nnode, peer)) {
ret = bgp_peer_clear(peer, afi, safi, nnode, stype);
ret = bgp_peer_clear(peer, afi, safi, &nnode, stype);
if (ret < 0)
bgp_clear_vty_error(vty, peer, afi, safi, ret);
@ -928,7 +928,7 @@ static int bgp_clear(struct vty *vty, struct bgp *bgp, afi_t afi, safi_t safi,
if (CHECK_FLAG(peer->flags, PEER_FLAG_GRACEFUL_RESTART))
gr_router_detected = true;
ret = bgp_peer_clear(peer, afi, safi, nnode, stype);
ret = bgp_peer_clear(peer, afi, safi, &nnode, stype);
if (ret < 0)
bgp_clear_vty_error(vty, peer, afi, safi, ret);
@ -965,7 +965,7 @@ static int bgp_clear(struct vty *vty, struct bgp *bgp, afi_t afi, safi_t safi,
if (CHECK_FLAG(peer->flags, PEER_FLAG_GRACEFUL_RESTART))
gr_router_detected = true;
ret = bgp_peer_clear(peer, afi, safi, nnode, stype);
ret = bgp_peer_clear(peer, afi, safi, &nnode, stype);
if (ret < 0)
bgp_clear_vty_error(vty, peer, afi, safi, ret);