proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-08-13 16:26:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

zebra: guard against junk in nexthop->rmap_src

Browse Source 
rmap_src wasn't initialized, so for IPv4 the unused 12 bytes would
contain whatever junk is on the stack on function entry.  Also move
the IPv4 parse before the IPv6 parse so if it's successful we can be
sure the other bytes haven't been touched.

Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
(cherry picked from commit b666ee510e)
This commit is contained in:
David Lamparter 2025-01-22 11:17:21 +01:00 committed by Mergify
parent 9a8ad94ce9
commit e74b0ca0fc
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
zebra/zebra_routemap.c
View File

@ -959,10 +959,11 @@ route_set_src(void *rule, const struct prefix *prefix, void *object)
/* set src compilation. */
static void *route_set_src_compile(const char *arg)
{
union g_addr src, *psrc;
union g_addr src = {}, *psrc;
if ((inet_pton(AF_INET6, arg, &src.ipv6) == 1)
|| (inet_pton(AF_INET, arg, &src.ipv4) == 1)) {
/* IPv4 first, to ensure no garbage in the 12 unused bytes */
if ((inet_pton(AF_INET, arg, &src.ipv4) == 1) ||
(inet_pton(AF_INET6, arg, &src.ipv6) == 1)) {
psrc = XMALLOC(MTYPE_ROUTE_MAP_COMPILED, sizeof(union g_addr));
*psrc = src;
return psrc;