mirror_frr/bgpd
Quentin Young 1e9be514b3 bgpd: modify attr fields before hash insert
bgp_attr_intern(attr) takes an attribute, duplicates it, and inserts it
into the attribute hash table, returning the inserted attr. This is done
when processing a bgp update. We store the returned attribute in the
path info struct. However, later on we modify one of the fields of the
attribute. This field is inspected by attrhash_cmp, the function that
allows the hash table to select the correct item from the hash chain for
a given key when doing a lookup on an item. By modifying the field after
it's been inserted, we open the possibility that two items in the same
chain that at insertion time were differential by attrhash_cmp becomes
equal according to that function. When performing subsequent hash
lookups, it is then indeterminate which of the equivalent items the hash
table will select from the chain (in practice it is the first one but
this may not be the one we want). Thus, it is illegal to modify
data used by a hash comparison function after inserting that data into
a hash table.

In fact this is occurring for attributes. We insert two attributes that
hash to the same key and thus end up in the same hash chain. Then we
modify one of them such that the two items now compare equal. Later one
we want to release the second item from the chain before XFREE()'ing it,
but since the two items compare equal we get the first item back, then
free the second one, which constitutes two bugs, the first being the
wrong attribute removed from the hash table and the second being a
dangling pointer stored in the hash table.

To rectify this we need to perform any modifications to an attr before
it is inserted into the table, i.e., before calling bgp_attr_intern().
This patch does that by moving the sole modification to the attr that
occurs after the insert (that I have seen) before that call.

Signed-off-by: Quentin Young <qlyoung@nvidia.com>
2020-09-02 13:16:35 -04:00
..
rfapi *: un-split strings across lines 2020-07-14 10:37:25 +02:00
rfp-example Treewide: use ANSI function definitions 2019-01-24 11:21:59 +01:00
.gitignore *: cleanup .gitignore files 2018-09-08 21:30:42 +02:00
bgp_addpath_types.h bgpd: Re-use TX Addpath IDs where possible 2018-11-10 00:16:36 +00:00
bgp_addpath.c bgp: rename bgp_node to bgp_dest 2020-06-23 17:32:52 +02:00
bgp_addpath.h bgp: rename bgp_node to bgp_dest 2020-06-23 17:32:52 +02:00
bgp_advertise.c bgp: rename bgp_node to bgp_dest 2020-06-23 17:32:52 +02:00
bgp_advertise.h bgp: rename bgp_node to bgp_dest 2020-06-23 17:32:52 +02:00
bgp_aspath.c *: un-split strings across lines 2020-07-14 10:37:25 +02:00
bgp_aspath.h Merge pull request #5954 from ton31337/feature/rfc7607 2020-03-17 10:27:35 -04:00
bgp_attr_evpn.c bgpd: extended-community and attrs for MAC-IP SYNC route handling 2020-08-05 06:46:12 -07:00
bgp_attr_evpn.h bgpd: extended-community and attrs for MAC-IP SYNC route handling 2020-08-05 06:46:12 -07:00
bgp_attr.c bgp, zebra: add some alignments with remarks from community 2020-08-21 13:37:08 +02:00
bgp_attr.h bgpd: support for bgp ipv6 ext community, and flowspec redirect ipv6 2020-08-21 13:37:08 +02:00
bgp_bfd.c Merge pull request #6711 from GalaxyGorilla/bfd_isis_profiles 2020-07-21 14:45:31 -04:00
bgp_bfd.h bgpd: Convert lots of int type functions to bool/void 2020-03-21 14:59:18 +02:00
bgp_bmp.c bgpd: Prevent Null pointer usage 2020-07-27 06:59:45 -04:00
bgp_bmp.h bgpd: bmp: add support for L2VPN/EVPN routes 2020-06-30 14:37:00 +02:00
bgp_btoa.c bgpd: Convert lots of int type functions to bool/void 2020-03-21 14:59:18 +02:00
bgp_clist.c *: manually remove some more sprintf 2020-04-20 19:14:33 -04:00
bgp_clist.h bgpd, lib: Use bool instead of uint8_t for community/prefix-list "any" 2020-04-16 15:27:51 +03:00
bgp_community.c bgpd: Fix "malformed communities" for accept-own-nexthop 2020-05-29 14:36:07 -04:00
bgp_community.h bgpd: Use COMMUNITY_SIZE instead of just 4 2020-04-08 18:09:25 +03:00
bgp_damp.c bgpd: Bypass SA tests regarding division by zero for reuse_limit in dampening 2020-07-27 20:38:42 +03:00
bgp_damp.h bgp: rename bgp_node to bgp_dest 2020-06-23 17:32:52 +02:00
bgp_debug.c bgpd: flowspec code support for ipv6 2020-08-21 13:37:08 +02:00
bgp_debug.h bgpd: debug flags for MH 2020-08-05 06:46:12 -07:00
bgp_dump.c bgp: rename bgp_node to bgp_dest 2020-06-23 17:32:52 +02:00
bgp_dump.h bgpd: hook for bgp peer status change events 2019-08-13 11:59:27 -07:00
bgp_ecommunity.c bgpd: remove warnings related to line too longs in bgp code 2020-08-21 13:37:08 +02:00
bgp_ecommunity.h bgp, zebra: add some alignments with remarks from community 2020-08-21 13:37:08 +02:00
bgp_encap_tlv.c *: remove null check before XFREE 2019-02-25 23:00:46 +00:00
bgp_encap_tlv.h *: reindent 2017-07-17 14:04:07 +02:00
bgp_encap_types.h *: use C99 standard fixed-width integer types 2018-03-27 15:13:34 -04:00
bgp_errors.c bgpd: Add a better breadcrumb for when bgp is missconfiged 2020-02-19 10:52:14 -05:00
bgp_errors.h bgpd: Add a better breadcrumb for when bgp is missconfiged 2020-02-19 10:52:14 -05:00
bgp_evpn_mh.c bgpd: do not forget to set the size of community val length 2020-08-21 13:37:08 +02:00
bgp_evpn_mh.h bgpd: extended-community and attrs for MAC-IP SYNC route handling 2020-08-05 06:46:12 -07:00
bgp_evpn_private.h bgpd, lib: move EVPN route type def to lib and use it in the prefix macros 2020-08-05 06:46:13 -07:00
bgp_evpn_vty.c bgpd: fix missing doc string in evpn 2020-08-07 14:32:58 -03:00
bgp_evpn_vty.h bgpd: get rid of afi_header_vty_out() & co. 2017-08-29 08:36:03 +02:00
bgp_evpn.c bgpd: remove warnings related to line too longs in bgp code 2020-08-21 13:37:08 +02:00
bgp_evpn.h bgpd: support for Ethernet Segments and Type-1/EAD routes 2020-08-05 06:46:12 -07:00
bgp_filter.c bgpd: really remove the no ip as-path... command 2020-05-11 08:45:11 -04:00
bgp_filter.h bgpd: Convert lots of int type functions to bool/void 2020-03-21 14:59:18 +02:00
bgp_flowspec_private.h bgpd, lib: support for flow_label flowspec type 2020-08-21 13:37:08 +02:00
bgp_flowspec_util.c bgpd: fix Dereference of null pointer in flowspec 2020-08-21 13:37:08 +02:00
bgp_flowspec_util.h bgpd: ipv6 flowspec address decoding and validation 2020-08-21 13:37:08 +02:00
bgp_flowspec_vty.c bgpd: fix Dereference of null pointer in flowspec 2020-08-21 13:37:08 +02:00
bgp_flowspec.c bgpd, lib: support for flow_label flowspec type 2020-08-21 13:37:08 +02:00
bgp_flowspec.h bgpd: flowspec code support for ipv6 2020-08-21 13:37:08 +02:00
bgp_fsm.c Merge pull request #6938 from opensourcerouting/bgp-instance-shutdown 2020-08-25 10:31:01 -04:00
bgp_fsm.h bgpd: Convert lots of int type functions to bool/void 2020-03-21 14:59:18 +02:00
bgp_io.c bgpd: Avoid extra copy of received data to buffer 2020-05-30 13:53:45 +05:30
bgp_io.h bgpd: raise default & max r/w quanta to 64 2019-10-14 18:41:53 +00:00
bgp_keepalives.c *: generously apply const 2019-12-02 15:01:29 +01:00
bgp_keepalives.h bgpd: update pthreads to use lib changes 2018-01-24 15:30:55 -05:00
bgp_label.c *: un-split strings across lines 2020-07-14 10:37:25 +02:00
bgp_label.h bgp: rename bgp_node to bgp_dest 2020-06-23 17:32:52 +02:00
bgp_labelpool.c lib, zebra: support label chunk requests for SRGB 2019-07-10 15:20:27 +02:00
bgp_labelpool.h bgpd: replace label pool fifo with DECLARE_LIST 2019-04-27 19:33:45 +02:00
bgp_lcommunity.c bgpd: Check to ensure community attributes exist before freeing them 2020-05-05 15:59:38 -04:00
bgp_lcommunity.h *: use the current project name (FRRouting) 2020-03-25 17:38:56 -04:00
bgp_mac.c bgp: rename bgp_node to bgp_dest 2020-06-23 17:32:52 +02:00
bgp_mac.h bgpd: Rework code to use const struct prefix 2020-03-24 07:51:41 -04:00
bgp_main.c bgpd: Comment out dead code for future 2020-07-27 06:54:23 -04:00
bgp_memory.c bgpd: new memory types for MH 2020-08-05 06:46:12 -07:00
bgp_memory.h bgpd: new memory types for MH 2020-08-05 06:46:12 -07:00
bgp_mpath.c *: un-split strings across lines 2020-07-14 10:37:25 +02:00
bgp_mpath.h bgp: rename bgp_node to bgp_dest 2020-06-23 17:32:52 +02:00
bgp_mplsvpn.c bgpd: support for bgp ipv6 ext community, and flowspec redirect ipv6 2020-08-21 13:37:08 +02:00
bgp_mplsvpn.h bgp: rename bgp_node to bgp_dest 2020-06-23 17:32:52 +02:00
bgp_network.c bgpd: bgp instance administrative shutdown. 2020-08-14 10:23:34 +02:00
bgp_network.h bgpd: Add 'show bgp listeners' command for diagnostics 2020-03-10 09:59:56 -04:00
bgp_nexthop.c bgp: rename bgp_node to bgp_dest 2020-06-23 17:32:52 +02:00
bgp_nexthop.h bgp: rename bgp_node to bgp_dest 2020-06-23 17:32:52 +02:00
bgp_nht.c bgpd: flowspec code support for ipv6 2020-08-21 13:37:08 +02:00
bgp_nht.h bgpd: turn off RAs when numbered peers are deleted 2020-04-27 17:49:41 +00:00
bgp_open.c *: un-split strings across lines 2020-07-14 10:37:25 +02:00
bgp_open.h bgpd: Remove trailing whitespaces from some header files 2019-09-17 11:28:48 +03:00
bgp_packet.c Merge pull request #6938 from opensourcerouting/bgp-instance-shutdown 2020-08-25 10:31:01 -04:00
bgp_packet.h bgpd, lib: fix style from BGP GR code 2020-02-04 15:19:04 -05:00
bgp_pbr.c bgpd: remove warnings related to line too longs in bgp code 2020-08-21 13:37:08 +02:00
bgp_pbr.h bgpd: fallback proto icmp/v6 to appropriate l3 filter 2020-08-21 13:37:08 +02:00
bgp_rd.c *: remove PRI[udx](8|16|32) 2020-07-14 10:43:40 +02:00
bgp_rd.h bgpd: support for Ethernet Segments and Type-1/EAD routes 2020-08-05 06:46:12 -07:00
bgp_regex.c *: reindent 2017-07-17 14:04:07 +02:00
bgp_regex.h *: reindent 2017-07-17 14:04:07 +02:00
bgp_route.c bgpd: modify attr fields before hash insert 2020-09-02 13:16:35 -04:00
bgp_route.h bgpd: evpn path selection changes for MAC-IP SYNC route handling 2020-08-05 06:46:12 -07:00
bgp_routemap.c bgpd: do not forget to set the size of community val length 2020-08-21 13:37:08 +02:00
bgp_rpki.c Revert "Rpki Encapsulation" 2020-07-14 15:38:20 -04:00
bgp_snmp.c bgpd: implement bgpPeerTable accross VRFs 2020-08-06 18:04:44 +02:00
bgp_table.c bgp: rename bgp_node to bgp_dest 2020-06-23 17:32:52 +02:00
bgp_table.h bgpd: evpn path selection changes for MAC-IP SYNC route handling 2020-08-05 06:46:12 -07:00
bgp_updgrp_adv.c bgpd: withdraw default route when route-map has no match 2020-08-25 07:24:13 -04:00
bgp_updgrp_packet.c Merge pull request #6943 from ton31337/fix/replace_sizeof_instead_of_constant_for_bgp_dump_attr 2020-08-19 07:36:13 -03:00
bgp_updgrp.c *: remove PRI[udx](8|16|32) 2020-07-14 10:43:40 +02:00
bgp_updgrp.h bgp: rename bgp_node to bgp_dest 2020-06-23 17:32:52 +02:00
bgp_vnc_types.h bgpd: #if ENABLE_BGP_VNC -> #ifdef ENABLE_BGP_VNC 2020-04-01 15:05:26 -04:00
bgp_vpn.c bgpd: wide option 2020-07-23 19:18:11 +05:30
bgp_vpn.h bgpd/ospfd: make bgp and ospf json response a bit more consistent 2018-08-30 12:40:18 +00:00
bgp_vty.c Merge pull request #7001 from ton31337/fix/deadcode_bgp_show_all_instances_neighbors_vty 2020-08-26 09:27:12 -04:00
bgp_vty.h bgpd: Add command to show only established sessions 2020-07-09 16:10:20 +03:00
bgp_zebra.c bgpd: support for flowspec interface list per address-family 2020-08-21 13:37:08 +02:00
bgp_zebra.h bgp: rename bgp_node to bgp_dest 2020-06-23 17:32:52 +02:00
bgpd.c Merge pull request #6986 from achernavin22/bgp_reset_sess_if_ebgp_multihop 2020-08-25 15:29:24 -04:00
bgpd.conf.sample doc: Update documentation about multiple-instance 2019-06-18 09:31:35 -04:00
bgpd.conf.sample2
bgpd.conf.vnc.sample
bgpd.h Merge pull request #5799 from pguibert6WIND/flowspec_ipv6 2020-08-26 08:26:46 -04:00
IMPLEMENTATION.txt bgpd: Convert struct bgp_info to struct bgp_path_info 2018-10-09 14:14:25 -04:00
Makefile build: non-recursive bgpd & rfp 2018-09-08 21:25:59 +02:00
subdir.am bgpd: pull the multihoming code out to a separate file 2020-08-05 06:46:12 -07:00
valgrind.supp bgpd: suppress new libyang_1.0 related loss reports 2020-08-08 17:56:18 -04:00