Go to file
Donatas Abraitis 474555e15c bgpd: Intern default-originate attributes to avoid use-after-free
When we receive a default route from a peer and we originate default route
using `neighbor default-originate`, we do not track of struct attr we use,
and when we do `no neighbor default-originate` we withdraw our generated
default route, but we announce default-route from the peer.

After we do this, we unintern aspath (which was used for default-originate),
BUT it was used also for peer's default route we received.

And here we have a use-after-free crash, because bgp_process_main_one()
reaps old paths that are marked as BGP_PATH_REMOVED with aspath->refcnt > 0,
but here it's 0.

```
0 0x55c24bbcd022 in aspath_key_make bgpd/bgp_aspath.c:2070
1 0x55c24b8f1140 in attrhash_key_make bgpd/bgp_attr.c:777
2 0x7f52322e66c9 in hash_release lib/hash.c:220
3 0x55c24b8f6017 in bgp_attr_unintern bgpd/bgp_attr.c:1271
4 0x55c24ba0acaa in bgp_path_info_free_with_caller bgpd/bgp_route.c:283
5 0x55c24ba0a7de in bgp_path_info_unlock bgpd/bgp_route.c:309
6 0x55c24ba0af6d in bgp_path_info_reap bgpd/bgp_route.c:426
7 0x55c24ba17b9a in bgp_process_main_one bgpd/bgp_route.c:3333
8 0x55c24ba18a1d in bgp_process_wq bgpd/bgp_route.c:3425
9 0x7f52323c2cd5 in work_queue_run lib/workqueue.c:282
10 0x7f52323aab92 in thread_call lib/thread.c:2006
11 0x7f5232300dc7 in frr_run lib/libfrr.c:1198
12 0x55c24b8ea792 in main bgpd/bgp_main.c:520
13 0x7f5231c3a082 in __libc_start_main ../csu/libc-start.c:308
14 0x55c24b8ef0bd in _start (/usr/lib/frr/bgpd+0x2c90bd)
    ```

Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
(cherry picked from commit e9340ff429)
2023-02-10 00:26:28 +00:00
.github tools: Add commit linter 2023-01-31 13:25:25 +02:00
alpine docker,alpine: Remove isl from dependencies 2023-01-06 23:48:23 +09:00
babeld babeld: Fix filtering against all interfaces 2023-02-06 11:08:25 +00:00
bfdd bfdd: fix size_t format string 2023-01-27 12:01:20 +01:00
bgpd bgpd: Intern default-originate attributes to avoid use-after-free 2023-02-10 00:26:28 +00:00
debian debian: merge changelogs 2023-01-24 18:19:42 +01:00
doc Merge pull request #12715 from opensourcerouting/fix/contribution_guid_squash_random_commits 2023-02-07 10:42:53 -06:00
docker docker: Use Alpine 3.17 as base image 2022-12-02 15:42:00 +02:00
eigrpd *: introduce function for sequence numbers 2023-01-20 15:40:28 -03:00
fpm build: fix AM_LDFLAGS usage (and gcov) 2021-07-21 17:10:08 +02:00
gdb gdb: Add a macro to walk memory allocations 2022-08-24 07:13:29 -04:00
grpc build: fix gRPC build dependencies 2022-10-26 17:12:34 +01:00
include include: add pkt_cls.h to automake headers 2022-11-22 22:35:34 +08:00
isisd *: fix non-const northbound XPath format strings 2023-01-27 12:01:20 +01:00
ldpd Merge pull request #12713 from opensourcerouting/fix/json_naming_deprecation 2023-02-01 15:39:18 -05:00
lib lib, bgpd: Add ability to specify that some json output should not be pretty 2023-02-02 10:28:19 -05:00
m4 build: fix sed regex in Lua macro 2022-12-08 12:39:17 +01:00
mlag build: fix AM_LDFLAGS usage (and gcov) 2021-07-21 17:10:08 +02:00
nhrpd build, vtysh: extract vtysh commands from .xref 2022-10-26 17:12:34 +01:00
ospf6d *: Drop deprecated incorrect JSON fields with wrong naming 2023-01-31 10:18:28 +02:00
ospfclient ospfd, ospfclient: Do not just include .c files in another .c 2022-12-05 11:55:14 -05:00
ospfd *: Drop deprecated incorrect JSON fields with wrong naming 2023-01-31 10:18:28 +02:00
pathd *: fix non-const northbound XPath format strings 2023-01-27 12:01:20 +01:00
pbrd pbrd: fix large tableids displayed as negative 2023-02-09 10:48:36 +00:00
pceplib pceplib: add <time.h> include for time_t 2023-02-06 20:31:22 +00:00
pimd Merge pull request #12713 from opensourcerouting/fix/json_naming_deprecation 2023-02-01 15:39:18 -05:00
pkgsrc *: cleanup .gitignore files 2018-09-08 21:30:42 +02:00
python python: hide inet_ntoa from frrbot 2022-10-28 11:18:06 +01:00
qpb qpb: Tell coverity the actual size we are copying 2022-08-02 15:34:43 -04:00
redhat debian, redhat: updating changelog for new release 2022-12-20 09:53:59 -06:00
ripd build, vtysh: extract vtysh commands from .xref 2022-10-26 17:12:34 +01:00
ripngd build, vtysh: extract vtysh commands from .xref 2022-10-26 17:12:34 +01:00
sharpd sharpd: traffic control PoC 2022-11-22 22:35:35 +08:00
snapcraft snapcraft: Add pim6 daemon for PIM IPv6 to snap package 2022-11-19 12:52:36 +01:00
staticd Merge pull request #12695 from opensourcerouting/format-warnings 2023-01-31 09:01:32 -05:00
tests tests: do not use exclude grep 2023-02-08 19:54:01 +00:00
tools tools: Fix missing pbrd in rsyslog.d 45-frr.conf file 2023-02-08 20:41:16 +00:00
vrrpd vrrpd: add IPv4 pseudoheader option for VRRPv3 2022-11-25 16:21:59 +08:00
vtysh vtysh: Schedule shell access for deprecation 2023-02-01 10:29:02 -05:00
watchfrr Merge pull request #12695 from opensourcerouting/format-warnings 2023-01-31 09:01:32 -05:00
yang yang: fix race condition in embedmodel.py mkdir 2023-01-24 18:19:18 +01:00
zebra Merge pull request #12668 from anlancs/fix/zebra-evpn-missing-advertise 2023-02-04 12:52:22 +02:00
.clang-format lib: add _last and _prev on typesafe RB/DLIST 2022-03-12 13:23:36 +01:00
.dir-locals.el tests: remove python format block from dir-locals 2021-09-13 10:04:29 -04:00
.dockerignore docker: Make docker image on CentOS 7 2019-11-26 19:29:30 +00:00
.git-blame-ignore-revs tools: Ignore mass renaming of topotests for git blame 2021-05-11 14:14:26 +03:00
.gitignore *: Add some missed make check generated files in .gitignore 2021-09-16 08:13:17 -04:00
.pylintrc tests: micronet: update infra 2021-09-04 09:04:46 -04:00
.travis.yml lib: libyang2 add missed conversion 2021-05-17 22:13:59 -04:00
bootstrap.sh build: turn on automake warnings (& symlinks) 2021-04-21 15:42:37 +02:00
buildtest.sh build: remove --enable-exampledir 2021-06-24 16:42:58 +02:00
config.version.in build: carry --with-pkg-extra-version into tarballs 2018-10-24 15:11:50 +02:00
configure.ac build: enable format string warnings 2023-01-27 12:01:20 +01:00
COPYING *: make consistent & update GPLv2 file headers 2017-05-15 16:37:41 +02:00
COPYING-LGPLv2.1 build: remove LGPL v2.0, add LGPL v2.1 2016-11-15 17:19:38 +09:00
Makefile.am packaging: Reuse frr.logrotate for Debian and Redhat builds 2022-11-08 11:17:56 +02:00
README.md doc: Fix the link that points to Slack invitation in README 2022-03-24 13:13:37 +02:00
stamp-h.in Initial revision 2002-12-13 20:15:29 +00:00
version.h build: make builddir include path consistent 2021-04-21 15:42:33 +02:00

Icon

FRRouting

FRR is free software that implements and manages various IPv4 and IPv6 routing protocols. It runs on nearly all distributions of Linux and BSD and supports all modern CPU architectures.

FRR currently supports the following protocols:

  • BGP
  • OSPFv2
  • OSPFv3
  • RIPv1
  • RIPv2
  • RIPng
  • IS-IS
  • PIM-SM/MSDP
  • LDP
  • BFD
  • Babel
  • PBR
  • OpenFabric
  • VRRP
  • EIGRP (alpha)
  • NHRP (alpha)

Installation & Use

For source tarballs, see the releases page.

For Debian and its derivatives, use the APT repository at https://deb.frrouting.org/.

Instructions on building and installing from source for supported platforms may be found in the developer docs.

Once installed, please refer to the user guide for instructions on use.

Community

The FRRouting email list server is located here and offers the following public lists:

Topic List
Development dev@lists.frrouting.org
Users & Operators frog@lists.frrouting.org
Announcements announce@lists.frrouting.org

For chat, we currently use Slack. You can join by clicking the "Slack" link under the Participate section of our website.

Contributing

FRR maintains developer's documentation which contains the project workflow and expectations for contributors. Some technical documentation on project internals is also available.

We welcome and appreciate all contributions, no matter how small!

Security

To report security issues, please use our security mailing list:

security [at] lists.frrouting.org