proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-08-16 02:30:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

vrrpd: don't allow autocreated vr's in NB layer

Browse Source 
Changing properties on an autoconfigured VRRP instance results in its
pointer being stored as a userdata in the NB tree, leading to UAF when
autoconfigure deletes the instance and then later NB operations take
place using the now-stale pointer.

Ticket: CM-29850
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
This commit is contained in:
Quentin Young 2020-06-02 15:33:05 -04:00 committed by Quentin Young
parent 3a8f70b57c
commit ee723e1382
1 changed files with 13 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
vrrpd/vrrp_northbound.c
View File

@ -40,12 +40,22 @@ static int lib_interface_vrrp_vrrp_group_create(struct nb_cb_create_args *args)
uint8_t version = 3; uint8_t version = 3;
struct vrrp_vrouter *vr; struct vrrp_vrouter *vr;
if (args->event != NB_EV_APPLY)
return NB_OK;
ifp = nb_running_get_entry(args->dnode, NULL, true); ifp = nb_running_get_entry(args->dnode, NULL, true);
vrid = yang_dnode_get_uint8(args->dnode, "./virtual-router-id"); vrid = yang_dnode_get_uint8(args->dnode, "./virtual-router-id");
version = yang_dnode_get_enum(args->dnode, "./version"); version = yang_dnode_get_enum(args->dnode, "./version");
switch (event) {
case NB_EV_VALIDATE:
vr = vrrp_lookup(ifp, vrid);
if (vr && vr->autoconf)
return NB_ERR_VALIDATION;
case NB_EV_PREPARE:
case NB_EV_ABORT:
return NB_OK;
case NB_EV_APPLY:
break;
}
vr = vrrp_vrouter_create(ifp, vrid, version); vr = vrrp_vrouter_create(ifp, vrid, version);
nb_running_set_entry(args->dnode, vr); nb_running_set_entry(args->dnode, vr);