From f24f3450c97fe18a3cffc54f31e06cb630544a70 Mon Sep 17 00:00:00 2001
From: Renato Westphal
Date: Wed, 20 Feb 2019 15:32:55 -0300
Subject: [PATCH] pbrd: fix removal of ipv6 nexthops
Fix bug in the code that compares IPv6 addresses. If memcmp() returns 0 then the two addresses are equal. Because of this problem, hash_release() could return NULL in a few places, leading to the following crashes (found by the CLI fuzzer): pbrd aborted: vtysh -c "configure terminal" -c "pbr-map WORD seq 100" -c "no set nexthop 2001:db8::1" pbrd aborted: vtysh -c "configure terminal" -c "nexthop-group NHGROUP" -c "no nexthop 2001:db8::1"
Signed-off-by: Renato Westphal
---
 pbrd/pbr_nht.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pbrd/pbr_nht.c b/pbrd/pbr_nht.c
index 6103bd7db5..f3bfad3190 100644
--- a/pbrd/pbr_nht.c
+++ b/pbrd/pbr_nht.c
@@ -164,8 +164,8 @@ static bool pbr_nh_hash_equal(const void *arg1, const void *arg2)
 == pbrnc2->nexthop->gate.ipv4.s_addr;
 case NEXTHOP_TYPE_IPV6_IFINDEX:
 case NEXTHOP_TYPE_IPV6:
- return !!memcmp(&pbrnc1->nexthop->gate.ipv6,
- &pbrnc2->nexthop->gate.ipv6, 16);
+ return !memcmp(&pbrnc1->nexthop->gate.ipv6,
+ &pbrnc2->nexthop->gate.ipv6, 16);
 case NEXTHOP_TYPE_BLACKHOLE:
 return pbrnc1->nexthop->bh_type == pbrnc2->nexthop->bh_type;
 }
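Review bot: The corrected comparison in the `NEXTHOP_TYPE_IPV6` case still hard-codes the length `16` and relies on `!memcmp(...)`, the negation idiom whose misuse caused this bug. Writing it as `return memcmp(&pbrnc1->nexthop->gate.ipv6, &pbrnc2->nexthop->gate.ipv6, sizeof(pbrnc1->nexthop->gate.ipv6)) == 0;` makes the equality intent explicit and ties the length to the field. The commit message says the wrong result let hash_release() return NULL and abort the daemon from CLI input. The callers are not visible in this hunk, but if they use that return value unchecked, a NULL check there would keep a future comparator mismatch from becoming a crash. pbr_nh_hash_equal starts before the hunk and may continue after it.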