proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-07-24 22:50:43 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
3abf06b722
mirror_frr/ldpd
History
Donald Sharp 59c5b83b58 ldpd: Prevent usage after free 
We are using data after it has been freed and handed back to the
OS.
Address Sanitizer output:

error	23-Nov-2020 18:53:57	ERROR: AddressSanitizer: heap-use-after-free on address 0x631000024838 at pc 0x55f825998f58 bp 0x7fffa5b0f5b0 sp 0x7fffa5b0f5a0
error	23-Nov-2020 18:53:57	READ of size 4 at 0x631000024838 thread T0
error	23-Nov-2020 18:53:57	    #0 0x55f825998f57 in lde_imsg_compose_parent_sync ldpd/lde.c:226
error	23-Nov-2020 18:53:57	    #1 0x55f8259ca9ed in vlog ldpd/log.c:48
error	23-Nov-2020 18:53:57	    #2 0x55f8259cb1c8 in log_info ldpd/log.c:102
error	23-Nov-2020 18:53:57	    #3 0x55f82599e841 in lde_shutdown ldpd/lde.c:208
error	23-Nov-2020 18:53:57	    #4 0x55f8259a2703 in lde_dispatch_parent ldpd/lde.c:666
error	23-Nov-2020 18:53:57	    #5 0x55f825ac3815 in thread_call lib/thread.c:1681
error	23-Nov-2020 18:53:57	    #6 0x55f825998d5e in lde ldpd/lde.c:160
error	23-Nov-2020 18:53:57	    #7 0x55f82598a289 in main ldpd/ldpd.c:320
error	23-Nov-2020 18:53:57	    #8 0x7fe3f749db96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
error	23-Nov-2020 18:53:57	    #9 0x55f825982579 in _start (/usr/lib/frr/ldpd+0xb3579)
error	23-Nov-2020 18:53:57
error	23-Nov-2020 18:53:57	0x631000024838 is located 65592 bytes inside of 65632-byte region [0x631000014800,0x631000024860)
error	23-Nov-2020 18:53:57	freed by thread T0 here:
error	23-Nov-2020 18:53:57	    #0 0x7fe3f8a4d7a8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7a8)
error	23-Nov-2020 18:53:57	    #1 0x55f82599e830 in lde_shutdown ldpd/lde.c:206
error	23-Nov-2020 18:53:57	    #2 0x55f8259a2703 in lde_dispatch_parent ldpd/lde.c:666
error	23-Nov-2020 18:53:57	    #3 0x55f825ac3815 in thread_call lib/thread.c:1681
error	23-Nov-2020 18:53:57	    #4 0x55f825998d5e in lde ldpd/lde.c:160
error	23-Nov-2020 18:53:57	    #5 0x55f82598a289 in main ldpd/ldpd.c:320
error	23-Nov-2020 18:53:57	    #6 0x7fe3f749db96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
error	23-Nov-2020 18:53:57
error	23-Nov-2020 18:53:57	previously allocated by thread T0 here:
error	23-Nov-2020 18:53:57	    #0 0x7fe3f8a4dd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
error	23-Nov-2020 18:53:57	    #1 0x55f825998cb7 in lde ldpd/lde.c:151
error	23-Nov-2020 18:53:57	    #2 0x55f82598a289 in main ldpd/ldpd.c:320
error	23-Nov-2020 18:53:57	    #3 0x7fe3f749db96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
error	23-Nov-2020 18:53:57

The fix is to put this in global space.

Signed-off-by: Donald Sharp <sharpd@nvidia.com>
2020-11-25 07:36:43 -05:00
..
.gitignore *: cleanup .gitignore files 2018-09-08 21:30:42 +02:00
accept.c *: unify thread/event cancel macros 2020-10-23 12:16:52 -04:00
address.c ldpd: replace inet_ntoa 2020-10-22 15:49:56 -04:00
adjacency.c *: unify thread/event cancel macros 2020-10-23 12:16:52 -04:00
control.c *: unify thread/event cancel macros 2020-10-23 12:16:52 -04:00
control.h lib: standardize use of queue.h 2017-08-17 17:47:05 +02:00
hello.c ldpd: replace inet_ntoa 2020-10-22 15:49:56 -04:00
init.c ldpd: replace inet_ntoa 2020-10-22 15:49:56 -04:00
interface.c *: unify thread/event cancel macros 2020-10-23 12:16:52 -04:00
keepalive.c ldpd: replace inet_ntoa 2020-10-22 15:49:56 -04:00
l2vpn.c ldpd: process pw-status in received order 2020-07-20 09:08:15 -04:00
labelmapping.c ldpd: replace inet_ntoa 2020-10-22 15:49:56 -04:00
lde_lib.c *: unify thread/event cancel macros 2020-10-23 12:16:52 -04:00
lde.c ldpd: Prevent usage after free 2020-11-25 07:36:43 -05:00
lde.h ldpd: Fix issue when starting up LDP with no configuration. 2020-09-04 09:24:47 -04:00
ldp_debug.c ldpd: Adding support for LDP IGP Synchronization 2020-09-09 10:45:41 -04:00
ldp_debug.h ldpd: Adding support for LDP IGP Synchronization 2020-09-09 10:45:41 -04:00
ldp_vty_cmds.c Merge pull request #6789 from volta-networks/feat_ldp_igp_sync 2020-09-11 15:55:04 -03:00
ldp_vty_conf.c ldpd: replace inet_ntoa 2020-10-22 15:49:56 -04:00
ldp_vty_exec.c ldpd: replace inet_ntoa 2020-10-22 15:49:56 -04:00
ldp_vty.h ldpd: Adding support for LDP IGP Synchronization 2020-09-09 10:45:41 -04:00
ldp_zebra.c *: Convert all usage of zclient_send_message to new enum 2020-11-15 15:04:52 -05:00
ldp.h ldpd: Adding support for LDP IGP Synchronization 2020-09-09 10:45:41 -04:00
ldpd.c *: unify thread/event cancel macros 2020-10-23 12:16:52 -04:00
ldpd.conf.sample ldpd: adapt the code for Quagga 2016-09-23 09:31:09 -04:00
ldpd.h ldpd: Adding support for LDP IGP Synchronization 2020-09-09 10:45:41 -04:00
ldpe.c *: unify thread/event cancel macros 2020-10-23 12:16:52 -04:00
ldpe.h ldpd: Adding support for LDP IGP Synchronization 2020-09-09 10:45:41 -04:00
log.c lib: rewrite zlog lock-free & TLS-buffered 2020-04-01 06:53:26 +02:00
log.h ldpd: split log.c into two files 2017-06-05 12:05:22 -03:00
logmsg.c ldpd: replace inet_ntoa 2020-10-22 15:49:56 -04:00
Makefile build: non-recursive ldpd 2017-08-04 19:09:11 +02:00
neighbor.c *: unify thread/event cancel macros 2020-10-23 12:16:52 -04:00
notification.c ldpd: replace inet_ntoa 2020-10-22 15:49:56 -04:00
packet.c *: unify thread/event cancel macros 2020-10-23 12:16:52 -04:00
pfkey.c *: fix config.h/zebra.h include order 2018-09-08 21:30:42 +02:00
socket.c *: Do not cast to the same type 2020-04-08 17:15:06 +03:00
subdir.am vtysh: dynamically generate the list of daemons for commands 2020-10-02 15:06:27 +03:00
util.c *: spelchek 2018-10-25 20:10:57 +02:00