mirror of
https://git.proxmox.com/git/mirror_frr
synced 2025-10-25 17:00:15 +00:00
2006-10-15 Paul Jakma <paul.jakma@sun.com> * bgp_packet.c: (bgp_update_packet) adv->rn can not be NULL, check is bogus - changed to assert(), CID#64. binfo is checked for NULL, but then dereferenced unconditionally, fix, CID #63. (bgp_withdraw_packet) Assert adv->rn is valid, as with bgp_update_packet().
This commit is contained in:
Paul Jakma
parent
53d9f67a18
commit
ed3ebfa36b
@ -2,6 +2,12 @@
|
|||||||
|
|
||||||
* bgp_route.c: (bgp_table_stats_walker) NULL deref if table is
|
* bgp_route.c: (bgp_table_stats_walker) NULL deref if table is
|
||||||
empty, bgp_table_top may return NULL, Coverity CID#73.
|
empty, bgp_table_top may return NULL, Coverity CID#73.
|
||||||
|
* bgp_packet.c: (bgp_update_packet) adv->rn can not be NULL,
|
||||||
|
check is bogus - changed to assert(), CID#64.
|
||||||
|
binfo is checked for NULL, but then dereferenced
|
||||||
|
unconditionally, fix, CID #63.
|
||||||
|
(bgp_withdraw_packet) Assert adv->rn is valid, as with
|
||||||
|
bgp_update_packet().
|
||||||
|
|
||||||
2006-10-14 Paul Jakma <paul.jakma@sun.com>
|
2006-10-14 Paul Jakma <paul.jakma@sun.com>
|
||||||
|
|
||||||
|
|||||||
@ -158,14 +158,14 @@ bgp_update_packet (struct peer *peer, afi_t afi, safi_t safi)
|
|||||||
|
|
||||||
while (adv)
|
while (adv)
|
||||||
{
|
{
|
||||||
if (adv->rn)
|
assert (adv->rn);
|
||||||
rn = adv->rn;
|
rn = adv->rn;
|
||||||
adj = adv->adj;
|
adj = adv->adj;
|
||||||
if (adv->binfo)
|
if (adv->binfo)
|
||||||
binfo = adv->binfo;
|
binfo = adv->binfo;
|
||||||
|
|
||||||
/* When remaining space can't include NLRI and it's length. */
|
/* When remaining space can't include NLRI and it's length. */
|
||||||
if (rn && STREAM_REMAIN (s) <= BGP_NLRI_LENGTH + PSIZE (rn->p.prefixlen))
|
if (STREAM_REMAIN (s) <= BGP_NLRI_LENGTH + PSIZE (rn->p.prefixlen))
|
||||||
break;
|
break;
|
||||||
|
|
||||||
/* If packet is empty, set attribute. */
|
/* If packet is empty, set attribute. */
|
||||||
@ -173,11 +173,15 @@ bgp_update_packet (struct peer *peer, afi_t afi, safi_t safi)
|
|||||||
{
|
{
|
||||||
struct prefix_rd *prd = NULL;
|
struct prefix_rd *prd = NULL;
|
||||||
u_char *tag = NULL;
|
u_char *tag = NULL;
|
||||||
|
struct peer *from = NULL;
|
||||||
|
|
||||||
if (rn->prn)
|
if (rn->prn)
|
||||||
prd = (struct prefix_rd *) &rn->prn->p;
|
prd = (struct prefix_rd *) &rn->prn->p;
|
||||||
if (binfo)
|
if (binfo)
|
||||||
tag = binfo->tag;
|
{
|
||||||
|
tag = binfo->tag;
|
||||||
|
from = binfo->peer;
|
||||||
|
}
|
||||||
|
|
||||||
bgp_packet_set_marker (s, BGP_MSG_UPDATE);
|
bgp_packet_set_marker (s, BGP_MSG_UPDATE);
|
||||||
stream_putw (s, 0);
|
stream_putw (s, 0);
|
||||||
@ -186,7 +190,7 @@ bgp_update_packet (struct peer *peer, afi_t afi, safi_t safi)
|
|||||||
total_attr_len = bgp_packet_attribute (NULL, peer, s,
|
total_attr_len = bgp_packet_attribute (NULL, peer, s,
|
||||||
adv->baa->attr,
|
adv->baa->attr,
|
||||||
&rn->p, afi, safi,
|
&rn->p, afi, safi,
|
||||||
binfo->peer, prd, tag);
|
from, prd, tag);
|
||||||
stream_putw_at (s, pos, total_attr_len);
|
stream_putw_at (s, pos, total_attr_len);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -288,6 +292,7 @@ bgp_withdraw_packet (struct peer *peer, afi_t afi, safi_t safi)
|
|||||||
|
|
||||||
while ((adv = FIFO_HEAD (&peer->sync[afi][safi]->withdraw)) != NULL)
|
while ((adv = FIFO_HEAD (&peer->sync[afi][safi]->withdraw)) != NULL)
|
||||||
{
|
{
|
||||||
|
assert (adv->rn);
|
||||||
adj = adv->adj;
|
adj = adv->adj;
|
||||||
rn = adv->rn;
|
rn = adv->rn;
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user