proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-06-04 00:37:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
33,595 Commits 4 Branches 191 Tags 125 MiB
C 71.4%
Python 26.5%
Perl 0.6%
M4 0.6%
Shell 0.3%
Other 0.4%
41c7a439d4
Go to file
Louis Scalbert 41c7a439d4 bgpd: fix bgp_best_selection heap-use-after-free 
Fix bgp_best_selection heap-use-after-free

> ==2521540==ERROR: AddressSanitizer: heap-use-after-free on address 0x60d000032810 at pc 0x000000716f45 bp 0x7ffedc6229d0 sp 0x7ffedc6229c8
> READ of size 8 at 0x60d000032810 thread T0
>     #0 0x716f44 in bgp_best_selection /home/lscalber/git/frr/bgpd/bgp_route.c:2834:5
>     #1 0x71a05e in bgp_process_main_one /home/lscalber/git/frr/bgpd/bgp_route.c:3344:2
>     #2 0x71c265 in bgp_process_wq /home/lscalber/git/frr/bgpd/bgp_route.c:3622:3
>     #3 0x7fe630a6669c in work_queue_run /home/lscalber/git/frr/lib/workqueue.c:282:10
>     #4 0x7fe630a294e2 in event_call /home/lscalber/git/frr/lib/event.c:1974:2
>     #5 0x7fe630898f3f in frr_run /home/lscalber/git/frr/lib/libfrr.c:1214:3
>     #6 0x4f4ace in main /home/lscalber/git/frr/bgpd/bgp_main.c:510:2
>     #7 0x7fe63018bd09 in __libc_start_main csu/../csu/libc-start.c:308:16
>     #8 0x449629 in _start (/usr/lib/frr/bgpd+0x449629)
>
> 0x60d000032810 is located 48 bytes inside of 144-byte region [0x60d0000327e0,0x60d000032870)
> freed by thread T0 here:
>     #0 0x4c341d in free (/usr/lib/frr/bgpd+0x4c341d)
>     #1 0x7fe6308d7420 in qfree /home/lscalber/git/frr/lib/memory.c:130:2
>     #2 0x702632 in bgp_path_info_free_with_caller /home/lscalber/git/frr/bgpd/bgp_route.c:300:2
>     #3 0x702023 in bgp_path_info_unlock /home/lscalber/git/frr/bgpd/bgp_route.c:315:3
>     #4 0x703bc6 in bgp_path_info_reap /home/lscalber/git/frr/bgpd/bgp_route.c:461:2
>     #5 0x716e5d in bgp_best_selection /home/lscalber/git/frr/bgpd/bgp_route.c:2829:12
>     #6 0x71a05e in bgp_process_main_one /home/lscalber/git/frr/bgpd/bgp_route.c:3344:2
>     #7 0x71c265 in bgp_process_wq /home/lscalber/git/frr/bgpd/bgp_route.c:3622:3
>     #8 0x7fe630a6669c in work_queue_run /home/lscalber/git/frr/lib/workqueue.c:282:10
>     #9 0x7fe630a294e2 in event_call /home/lscalber/git/frr/lib/event.c:1974:2
>     #10 0x7fe630898f3f in frr_run /home/lscalber/git/frr/lib/libfrr.c:1214:3
>     #11 0x4f4ace in main /home/lscalber/git/frr/bgpd/bgp_main.c:510:2
>     #12 0x7fe63018bd09 in __libc_start_main csu/../csu/libc-start.c:308:16
>
> previously allocated by thread T0 here:
>     #0 0x4c3812 in calloc (/usr/lib/frr/bgpd+0x4c3812)
>     #1 0x7fe6308d7178 in qcalloc /home/lscalber/git/frr/lib/memory.c:105:27
>     #2 0x71f5b4 in info_make /home/lscalber/git/frr/bgpd/bgp_route.c:3985:8
>     #3 0x725293 in bgp_update /home/lscalber/git/frr/bgpd/bgp_route.c:4881:8
>     #4 0x73083d in bgp_nlri_parse_ip /home/lscalber/git/frr/bgpd/bgp_route.c:6230:4
>     #5 0x6ba980 in bgp_nlri_parse /home/lscalber/git/frr/bgpd/bgp_packet.c:341:10
>     #6 0x6cca2a in bgp_update_receive /home/lscalber/git/frr/bgpd/bgp_packet.c:2412:15
>     #7 0x6c6788 in bgp_process_packet /home/lscalber/git/frr/bgpd/bgp_packet.c:3887:11
>     #8 0x7fe630a294e2 in event_call /home/lscalber/git/frr/lib/event.c:1974:2
>     #9 0x7fe630898f3f in frr_run /home/lscalber/git/frr/lib/libfrr.c:1214:3
>     #10 0x4f4ace in main /home/lscalber/git/frr/bgpd/bgp_main.c:510:2
>     #11 0x7fe63018bd09 in __libc_start_main csu/../csu/libc-start.c:308:16

Fixes: ddb5b4880b ("bgpd: vpn-vrf route leaking")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
(cherry picked from commit 9561f9671d)
2023-11-29 08:45:16 +00:00
.github github: Add rebase label on PR if it's > 50 commits behind 2023-05-09 09:37:23 +03:00
alpine docker: Use openssl instead of libressl 2023-07-31 11:04:30 +03:00
babeld Merge pull request #13333 from donaldsharp/vrf_bitmap_cleanup 2023-07-04 22:11:11 +03:00
bfdd *: remove ZEBRA_INTERFACE_VRF_UPDATE 2023-10-07 10:06:39 +08:00
bgpd bgpd: fix bgp_best_selection heap-use-after-free 2023-11-29 08:45:16 +00:00
debian debian: Drop 9.2-dev release from stable branch changelog 2023-11-15 22:17:04 +02:00
doc doc: remove duplicated show route-map 2023-11-28 13:47:41 +00:00
docker docker: Install the apk packages regardless of the platform 2023-07-31 11:05:15 +03:00
eigrpd eigrp: use correct memory pool on interface deletion 2023-10-11 14:19:23 +00:00
fpm *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
gdb *: Rename thread.[ch] to event.[ch] 2023-03-24 08:32:16 -04:00
grpc *: manual SPDX License ID conversions 2023-02-09 14:09:07 +01:00
include bgpd,lib,sharpd,zebra: srv6 introduce multiple segs/SIDs in nexthop 2023-09-20 15:07:15 +02:00
isisd isisd: Fix style warnings reported by CI 2023-11-05 21:40:07 +00:00
ldpd ldpd: Stop and free synchronous Zebra client on destroy 2023-06-27 11:47:50 +03:00
lib lib,vtysh: fix show route map JSON output 2023-11-28 13:47:41 +00:00
m4 build: fix sed regex in Lua macro 2022-12-08 12:39:17 +01:00
mgmtd mgmtd: fix local validation 2023-11-08 13:50:36 +00:00
mlag build: fix AM_LDFLAGS usage (and gcov) 2021-07-21 17:10:08 +02:00
nhrpd nhrpd: clean up locals in route zapi api 2023-07-10 16:43:53 -04:00
ospf6d ospf6d: Let the user override interface cost for a loopback 2023-11-14 13:57:10 +00:00
ospfclient *: Convert event.h to frrevent.h 2023-03-24 08:32:17 -04:00
ospfd ospfd: fix show_ip_ospf_gr_helper 2023-11-21 09:40:59 +00:00
pathd pathd: add no pcep command 2023-10-31 16:05:32 +00:00
pbrd pbrd: fix show pbr map detail json 2023-10-29 08:42:23 +00:00
pceplib *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
pimd pimd: Ensure upstream points at the correct rpf 2023-11-02 10:44:09 +00:00
pkgsrc mgmtd: Bringup MGMTD daemon and datastore module support 2023-03-21 22:08:32 -04:00
python [ospfd]: add support for RFC 5709 HMAC-SHA Auth 2023-09-16 07:38:23 +03:30
qpb mgmtd: Bringup MGMTD daemon and datastore module support 2023-03-21 22:08:32 -04:00
redhat redhat, debian: Update release notes for 9.1 release 2023-11-12 20:08:56 +02:00
ripd *: remove ZEBRA_INTERFACE_VRF_UPDATE 2023-10-07 10:06:39 +08:00
ripngd *: remove ZEBRA_INTERFACE_VRF_UPDATE 2023-10-07 10:06:39 +08:00
sharpd *: Do not cast to the same type as the destination is 2023-09-29 10:24:16 +03:00
snapcraft snapcraft: Use libyang 2.1.80 2023-07-20 21:46:38 +03:00
staticd staticd: fix debug commands 2023-11-17 12:27:26 +00:00
tests tests: Set community for conditionally advertised routes 2023-11-21 15:50:12 +00:00
tools tools: fix frr-reload route-map desc cmd 2023-11-02 11:39:40 +00:00
vrrpd Merge pull request #13731 from cyberstorm-mauritius/cid1519841 2023-06-21 23:15:41 +05:30
vtysh lib,vtysh: fix show route map JSON output 2023-11-28 13:47:41 +00:00
watchfrr watchfrr: Extend ignore option to daemon being killed 2023-10-19 15:49:16 +00:00
yang Revert "yang: add bgp link-state" 2023-10-11 05:02:53 +00:00
zebra zebra: fix dplane_ctx_iptable use-after-free 2023-11-24 16:00:06 +00:00
.clang-format lib: add dynamic array type 2023-06-27 18:00:56 -04:00
.dockerignore docker: Make docker image on CentOS 7 2019-11-26 19:29:30 +00:00
.flake8 style: add format checker config that matches FRR style standards 2023-04-18 05:18:26 -04:00
.git-blame-ignore-revs tools: Ignore mass renaming of topotests for git blame 2021-05-11 14:14:26 +03:00
.gitignore doc: configure: add configure option to generate .ccls file 2023-05-18 09:32:32 -04:00
.isort.cfg style: add format checker config that matches FRR style standards 2023-04-18 05:18:26 -04:00
.pylintrc style: add format checker config that matches FRR style standards 2023-04-18 05:18:26 -04:00
.travis.yml lib: libyang2 add missed conversion 2021-05-17 22:13:59 -04:00
bootstrap.sh build: turn on automake warnings (& symlinks) 2021-04-21 15:42:37 +02:00
buildtest.sh *: manual SPDX License ID conversions 2023-02-09 14:09:07 +01:00
config.version.in build: carry --with-pkg-extra-version into tarballs 2018-10-24 15:11:50 +02:00
configure.ac FRR Release 9.1 2023-11-15 17:01:50 +02:00
COPYING *: sort out & explain licenses used in FRR 2023-02-09 12:46:13 +01:00
Makefile.am build: clean up mgmtd lib protobuf make syntax 2023-03-27 16:44:27 -04:00
README.md doc: Fix the link that points to Slack invitation in README 2022-03-24 13:13:37 +02:00
stamp-h.in Initial revision 2002-12-13 20:15:29 +00:00
version.h build: make builddir include path consistent 2021-04-21 15:42:33 +02:00

README.md

Icon

FRRouting

FRR is free software that implements and manages various IPv4 and IPv6 routing protocols. It runs on nearly all distributions of Linux and BSD and supports all modern CPU architectures.

FRR currently supports the following protocols:

  • BGP
  • OSPFv2
  • OSPFv3
  • RIPv1
  • RIPv2
  • RIPng
  • IS-IS
  • PIM-SM/MSDP
  • LDP
  • BFD
  • Babel
  • PBR
  • OpenFabric
  • VRRP
  • EIGRP (alpha)
  • NHRP (alpha)

Installation & Use

For source tarballs, see the releases page.

For Debian and its derivatives, use the APT repository at https://deb.frrouting.org/.

Instructions on building and installing from source for supported platforms may be found in the developer docs.

Once installed, please refer to the user guide for instructions on use.

Community

The FRRouting email list server is located here and offers the following public lists:

Topic List
Development dev@lists.frrouting.org
Users & Operators frog@lists.frrouting.org
Announcements announce@lists.frrouting.org

For chat, we currently use Slack. You can join by clicking the "Slack" link under the Participate section of our website.

Contributing

FRR maintains developer's documentation which contains the project workflow and expectations for contributors. Some technical documentation on project internals is also available.

We welcome and appreciate all contributions, no matter how small!

Security

To report security issues, please use our security mailing list:

security [at] lists.frrouting.org