mirror_frr

mirror of https://git.proxmox.com/git/mirror_frr synced 2025-07-24 17:52:19 +00:00

History

Louis Scalbert 3eeed525ab isisd: fix _isis_spftree_del heap-use-after-free Fix the following heap-use-after-free > ==82961==ERROR: AddressSanitizer: heap-use-after-free on address 0x6020001e4750 at pc 0x55a8cc7f63ac bp 0x7ffd6948e340 sp 0x7ffd6948e330 > READ of size 8 at 0x6020001e4750 thread T0 > #0 0x55a8cc7f63ab in isis_route_node_cleanup isisd/isis_route.c:335 > #1 0x7ff25ec617c1 in route_node_free lib/table.c:75 > #2 0x7ff25ec619fc in route_table_free lib/table.c:111 > #3 0x7ff25ec61661 in route_table_finish lib/table.c:46 > #4 0x55a8cc800d83 in _isis_spftree_del isisd/isis_spf.c:397 > #5 0x55a8cc800e45 in isis_spftree_clear isisd/isis_spf.c:414 > #6 0x55a8cc80bd9a in isis_run_spf isisd/isis_spf.c:2020 > #7 0x55a8cc80c370 in isis_run_spf_with_protection isisd/isis_spf.c:2076 > #8 0x55a8cc80cf52 in isis_run_spf_cb isisd/isis_spf.c:2165 > #9 0x7ff25ec7c4dc in event_call lib/event.c:1970 > #10 0x7ff25eb64423 in frr_run lib/libfrr.c:1213 > #11 0x55a8cc7799da in main isisd/isis_main.c:318 > #12 0x7ff25e623d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 > #13 0x7ff25e623e3f in __libc_start_main_impl ../csu/libc-start.c:392 > #14 0x55a8cc778e44 in _start (/usr/lib/frr/isisd+0x109e44) > > 0x6020001e4750 is located 0 bytes inside of 16-byte region [0x6020001e4750,0x6020001e4760) > freed by thread T0 here: > #0 0x7ff25f000537 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127 > #1 0x7ff25eb9012e in qfree lib/memory.c:130 > #2 0x55a8cc7f6485 in isis_route_table_info_free isisd/isis_route.c:351 > #3 0x55a8cc800cf4 in _isis_spftree_del isisd/isis_spf.c:395 > #4 0x55a8cc800e45 in isis_spftree_clear isisd/isis_spf.c:414 > #5 0x55a8cc80bd9a in isis_run_spf isisd/isis_spf.c:2020 > #6 0x55a8cc80c370 in isis_run_spf_with_protection isisd/isis_spf.c:2076 > #7 0x55a8cc80cf52 in isis_run_spf_cb isisd/isis_spf.c:2165 > #8 0x7ff25ec7c4dc in event_call lib/event.c:1970 > #9 0x7ff25eb64423 in frr_run lib/libfrr.c:1213 > #10 0x55a8cc7799da in main isisd/isis_main.c:318 > #11 0x7ff25e623d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 > > previously allocated by thread T0 here: > #0 0x7ff25f000a57 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154 > #1 0x7ff25eb8ffdc in qcalloc lib/memory.c:105 > #2 0x55a8cc7f63eb in isis_route_table_info_alloc isisd/isis_route.c:343 > #3 0x55a8cc80052a in _isis_spftree_init isisd/isis_spf.c:334 > #4 0x55a8cc800e51 in isis_spftree_clear isisd/isis_spf.c:415 > #5 0x55a8cc80bd9a in isis_run_spf isisd/isis_spf.c:2020 > #6 0x55a8cc80c370 in isis_run_spf_with_protection isisd/isis_spf.c:2076 > #7 0x55a8cc80cf52 in isis_run_spf_cb isisd/isis_spf.c:2165 > #8 0x7ff25ec7c4dc in event_call lib/event.c:1970 > #9 0x7ff25eb64423 in frr_run lib/libfrr.c:1213 > #10 0x55a8cc7799da in main isisd/isis_main.c:318 > #11 0x7ff25e623d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 Fixes: `7153c3cabf` ("isisd: update struct isis_route_info has multiple sr info by algorithm") Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com> (cherry picked from commit `9fa9a9d865`)		2024-01-05 08:47:58 +00:00
..
.gitignore	*: cleanup .gitignore files	2018-09-08 21:30:42 +02:00
AUTHORS	Add support of Traffic Engineering to IS-IS	2016-09-03 11:05:50 -04:00
fabricd.c	isisd: update struct isis_spftree with algorithm id	2023-04-17 11:06:08 +02:00
fabricd.h	*: auto-convert to SPDX License IDs	2023-02-09 14:09:11 +01:00
isis_adjacency.c	isisd: Extend IS-IS adjacency with SRv6 adj SIDs	2023-09-11 22:11:48 +02:00
isis_adjacency.h	isisd: Add support for SRv6 Adjacency SIDs	2023-09-11 22:11:47 +02:00
isis_affinitymap.c	isisd: fix potential null pointer in isis_affinity_map_update()	2023-04-20 16:23:50 +02:00
isis_affinitymap.h	isisd: add affinity-map configuration hooks	2023-04-18 11:33:15 +02:00
isis_bfd.c	*: Convert `struct event_master` to `struct event_loop`	2023-03-24 08:32:17 -04:00
isis_bfd.h	*: Convert `struct event_master` to `struct event_loop`	2023-03-24 08:32:17 -04:00
isis_bpf.c	*: auto-convert to SPDX License IDs	2023-02-09 14:09:11 +01:00
isis_circuit.c	isisd: Make SRv6 interface configurable	2023-09-11 22:11:51 +02:00
isis_circuit.h	*: Rename `struct thread` to `struct event`	2023-03-24 08:32:17 -04:00
isis_cli.c	isisd: Make SRv6 interface configurable	2023-09-11 22:11:51 +02:00
isis_common.h	isisd: Update to the new printfrr ISO format	2023-03-21 15:21:47 +01:00
isis_constants.h	*: auto-convert to SPDX License IDs	2023-02-09 14:09:11 +01:00
isis_csm.c	*: Convert event.h to frrevent.h	2023-03-24 08:32:17 -04:00
isis_csm.h	*: auto-convert to SPDX License IDs	2023-02-09 14:09:11 +01:00
isis_dlpi.c	*: auto-convert to SPDX License IDs	2023-02-09 14:09:11 +01:00
isis_dr.c	*: Convert event.h to frrevent.h	2023-03-24 08:32:17 -04:00
isis_dr.h	*: Rename `struct thread` to `struct event`	2023-03-24 08:32:17 -04:00
isis_dynhn.c	Merge pull request #12698 from Orange-OpenSource/isisd	2023-04-11 09:49:01 -04:00
isis_dynhn.h	*: auto-convert to SPDX License IDs	2023-02-09 14:09:11 +01:00
isis_errors.c	*: auto-convert to SPDX License IDs	2023-02-09 14:09:11 +01:00
isis_errors.h	*: auto-convert to SPDX License IDs	2023-02-09 14:09:11 +01:00
isis_events.c	Merge pull request #12698 from Orange-OpenSource/isisd	2023-04-11 09:49:01 -04:00
isis_events.h	*: Rename `struct thread` to `struct event`	2023-03-24 08:32:17 -04:00
isis_flags.c	*: auto-convert to SPDX License IDs	2023-02-09 14:09:11 +01:00
isis_flags.h	*: auto-convert to SPDX License IDs	2023-02-09 14:09:11 +01:00
isis_flex_algo.c	Revert "lib: add a frr_each_const macro"	2023-09-07 12:08:50 +02:00
isis_flex_algo.h	isisd: calculate flex-algo constraint spf	2023-04-18 11:33:15 +02:00
isis_ldp_sync.c	*: Convert event.h to frrevent.h	2023-03-24 08:32:17 -04:00
isis_ldp_sync.h	*: auto-convert to SPDX License IDs	2023-02-09 14:09:11 +01:00
isis_lfa.c	isisd: add support of (ti-)lfa to flex-algo	2023-04-18 11:33:15 +02:00
isis_lfa.h	*: auto-convert to SPDX License IDs	2023-02-09 14:09:11 +01:00
isis_lsp.c	isisd: Fix dislaying LSP ID	2023-12-05 09:12:45 +00:00
isis_lsp.h	*: Rename `struct thread` to `struct event`	2023-03-24 08:32:17 -04:00
isis_main.c	isisd: Add function to terminate the SRv6 module	2023-08-04 09:29:16 +02:00
isis_misc.c	isisd: replace gmtime with gmtime_r	2023-07-10 17:06:17 -04:00
isis_misc.h	isisd: Update to the new printfrr ISO format	2023-03-21 15:21:47 +01:00
isis_mt.c	isisd: Update to the new printfrr ISO format	2023-03-21 15:21:47 +01:00
isis_mt.h	*: auto-convert to SPDX License IDs	2023-02-09 14:09:11 +01:00
isis_nb_config.c	isisd: remove redundant northbound destroy callbacks	2023-10-06 17:37:41 +03:00
isis_nb_notifications.c	isisd: Update to the new printfrr ISO format	2023-03-21 15:21:47 +01:00
isis_nb_state.c	isisd: Update to the new printfrr ISO format	2023-03-21 15:21:47 +01:00
isis_nb.c	isisd: remove redundant northbound destroy callbacks	2023-10-06 17:37:41 +03:00
isis_nb.h	isisd: remove redundant northbound destroy callbacks	2023-10-06 17:37:41 +03:00
isis_network.h	*: auto-convert to SPDX License IDs	2023-02-09 14:09:11 +01:00
isis_pdu_counter.c	isisd: Add log-pdu-drops log functionality	2023-04-04 09:23:21 -07:00
isis_pdu_counter.h	isisd: Add log-pdu-drops log functionality	2023-04-04 09:23:21 -07:00
isis_pdu.c	Merge pull request #13163 from isabelladeleon12/isis_log_drops	2023-04-11 09:55:24 -04:00
isis_pdu.h	isisd: Add log-pdu-drops log functionality	2023-04-04 09:23:21 -07:00
isis_pfpacket.c	isisd: pfpacket BPF filter with IS-IS over tunnel support	2023-03-12 16:15:27 +01:00
isis_redist.c	isisd: add the 'redistribute table' internal support	2023-07-12 14:06:00 +02:00
isis_redist.h	isisd: add the 'redistribute table' internal support	2023-07-12 14:06:00 +02:00
isis_route.c	isisd: fix merging flex-algo route nodes	2023-04-18 11:33:15 +02:00
isis_route.h	isisd: merge algorithm tables	2023-04-18 11:33:15 +02:00
isis_routemap.c	*: Convert event.h to frrevent.h	2023-03-24 08:32:17 -04:00
isis_routemap.h	*: auto-convert to SPDX License IDs	2023-02-09 14:09:11 +01:00
isis_snmp.c	Merge pull request #12698 from Orange-OpenSource/isisd	2023-04-11 09:49:01 -04:00
isis_spf_private.h	isisd: calculate flex-algo constraint spf	2023-04-18 11:33:15 +02:00
isis_spf.c	isisd: fix _isis_spftree_del heap-use-after-free	2024-01-05 08:47:58 +00:00
isis_spf.h	isisd: add option to display isis routes as json	2023-04-18 11:33:15 +02:00
isis_sr.c	isisd: update Node-SID flag dynamically	2023-07-29 14:18:39 -03:00
isis_sr.h	isisd: update Node-SID flag dynamically	2023-07-29 14:18:39 -03:00
isis_srv6.c	isisd: Fix style warnings reported by CI	2023-11-05 21:40:07 +00:00
isis_srv6.h	isisd: Fix openfabric crash	2023-11-05 21:40:06 +00:00
isis_te.c	Merge pull request #12933 from Orange-OpenSource/link_state	2023-04-20 18:33:21 +02:00
isis_te.h	*: auto-convert to SPDX License IDs	2023-02-09 14:09:11 +01:00
isis_tlvs.c	isisd: Fix CID 1568129 (Null pointer dereference)	2023-09-15 12:39:45 +02:00
isis_tlvs.h	isisd: Add support for SRv6 Adjacency SIDs	2023-09-11 22:11:47 +02:00
isis_tx_queue.c	Merge pull request #12698 from Orange-OpenSource/isisd	2023-04-11 09:49:01 -04:00
isis_tx_queue.h	*: auto-convert to SPDX License IDs	2023-02-09 14:09:11 +01:00
isis_vty_fabricd.c	*: auto-convert to SPDX License IDs	2023-02-09 14:09:11 +01:00
isis_zebra.c	isisd: Fix SRv6 memory leaks	2023-09-21 18:43:04 +02:00
isis_zebra.h	isisd: Add functions to install/remove adj SIDs	2023-09-11 22:11:47 +02:00
isisd.c	isisd: Make SRv6 Node MSDs customizable	2023-09-11 22:11:50 +02:00
isisd.h	isisd: Add YANG path for SRv6	2023-08-04 09:29:15 +02:00
iso_checksum.c	*: auto-convert to SPDX License IDs	2023-02-09 14:09:11 +01:00
iso_checksum.h	*: auto-convert to SPDX License IDs	2023-02-09 14:09:11 +01:00
Makefile	build: non-recursive isisd	2017-08-04 11:09:50 +02:00
README	More cleanup in isisd.	2005-01-01 21:12:56 +00:00
subdir.am	isisd: staticd: need to link directly against libyang	2023-10-27 09:57:02 +00:00

README

Constraints

  o Maximum number of interfaces 255