mirror_frr/bgpd
Donatas Abraitis c929e1ab43 bgpd: Flush attrs only if we don't have to announce a conditional route
To avoid USE:

```
==587645==ERROR: AddressSanitizer: heap-use-after-free on address 0x604000074050 at pc 0x55b34337d96c bp 0x7ffda59bb4c0 sp 0x7ffda59bb4b0
READ of size 8 at 0x604000074050 thread T0
    #0 0x55b34337d96b in bgp_attr_flush bgpd/bgp_attr.c:1289
    #1 0x55b34368ef85 in bgp_conditional_adv_routes bgpd/bgp_conditional_adv.c:111
    #2 0x55b34368ff58 in bgp_conditional_adv_timer bgpd/bgp_conditional_adv.c:301
    #3 0x7f7d41cdf81c in event_call lib/event.c:1980
    #4 0x7f7d41c1da37 in frr_run lib/libfrr.c:1214
    #5 0x55b343371e22 in main bgpd/bgp_main.c:510
    #6 0x7f7d41517082 in __libc_start_main ../csu/libc-start.c:308
    #7 0x55b3433769fd in _start (/usr/lib/frr/bgpd+0x2e29fd)

0x604000074050 is located 0 bytes inside of 40-byte region [0x604000074050,0x604000074078)
freed by thread T0 here:
    #0 0x7f7d4207540f in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:122
    #1 0x55b343396afd in community_free bgpd/bgp_community.c:41
    #2 0x55b343396afd in community_free bgpd/bgp_community.c:28
    #3 0x55b343397373 in community_intern bgpd/bgp_community.c:458
    #4 0x55b34337bed4 in bgp_attr_intern bgpd/bgp_attr.c:967
    #5 0x55b34368165b in bgp_advertise_attr_intern bgpd/bgp_advertise.c:106
    #6 0x55b3435277d7 in bgp_adj_out_set_subgroup bgpd/bgp_updgrp_adv.c:587
    #7 0x55b34368f36b in bgp_conditional_adv_routes bgpd/bgp_conditional_adv.c:125
    #8 0x55b34368ff58 in bgp_conditional_adv_timer bgpd/bgp_conditional_adv.c:301
    #9 0x7f7d41cdf81c in event_call lib/event.c:1980
    #10 0x7f7d41c1da37 in frr_run lib/libfrr.c:1214
    #11 0x55b343371e22 in main bgpd/bgp_main.c:510
    #12 0x7f7d41517082 in __libc_start_main ../csu/libc-start.c:308

previously allocated by thread T0 here:
    #0 0x7f7d42075a06 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:153
    #1 0x7f7d41c3c28e in qcalloc lib/memory.c:105
    #2 0x55b3433976e8 in community_dup bgpd/bgp_community.c:514
    #3 0x55b34350273a in route_set_community bgpd/bgp_routemap.c:2589
    #4 0x7f7d41c96c06 in route_map_apply_ext lib/routemap.c:2690
    #5 0x55b34368f2d8 in bgp_conditional_adv_routes bgpd/bgp_conditional_adv.c:107
    #6 0x55b34368ff58 in bgp_conditional_adv_timer bgpd/bgp_conditional_adv.c:301
    #7 0x7f7d41cdf81c in event_call lib/event.c:1980
    #8 0x7f7d41c1da37 in frr_run lib/libfrr.c:1214
    #9 0x55b343371e22 in main bgpd/bgp_main.c:510
    #10 0x7f7d41517082 in __libc_start_main ../csu/libc-start.c:308
```

And also a crash:

```
(gdb) bt
#0  raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ff3b7048ce0 in core_handler (signo=6, siginfo=0x7ffc8cf724b0, context=<optimized out>)
    at lib/sigevent.c:246
#2  <signal handler called>
#3  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#4  0x00007ff3b6bb8859 in __GI_abort () at abort.c:79
#5  0x00007ff3b6c2326e in __libc_message (action=action@entry=do_abort,
    fmt=fmt@entry=0x7ff3b6d4d298 "%s\n") at ../sysdeps/posix/libc_fatal.c:155
#6  0x00007ff3b6c2b2fc in malloc_printerr (
    str=str@entry=0x7ff3b6d4f628 "double free or corruption (fasttop)") at malloc.c:5347
#7  0x00007ff3b6c2cc65 in _int_free (av=0x7ff3b6d82b80 <main_arena>, p=0x555c8fa70a10, have_lock=0)
    at malloc.c:4266
#8  0x0000555c8da94bd3 in community_free (com=0x7ffc8cf72e70) at bgpd/bgp_community.c:41
#9  community_free (com=com@entry=0x7ffc8cf72e70) at bgpd/bgp_community.c:28
#10 0x0000555c8da8afc1 in bgp_attr_flush (attr=attr@entry=0x7ffc8cf73040) at bgpd/bgp_attr.c:1290
#11 0x0000555c8dbc0760 in bgp_conditional_adv_routes (peer=peer@entry=0x555c8fa627c0,
    afi=afi@entry=AFI_IP, safi=SAFI_UNICAST, table=table@entry=0x555c8fa510b0, rmap=0x555c8fa71cb0,
    update_type=UPDATE_TYPE_ADVERTISE) at bgpd/bgp_conditional_adv.c:111
#12 0x0000555c8dbc0b75 in bgp_conditional_adv_timer (t=<optimized out>)
    at bgpd/bgp_conditional_adv.c:301
#13 0x00007ff3b705b84c in event_call (thread=thread@entry=0x7ffc8cf73440) at lib/event.c:1980
#14 0x00007ff3b700bf98 in frr_run (master=0x555c8f27c090) at lib/libfrr.c:1214
#15 0x0000555c8da85f05 in main (argc=<optimized out>, argv=0x7ffc8cf736a8) at bgpd/bgp_main.c:510
```

Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
(cherry picked from commit d410587bab)
2023-11-21 15:50:13 +00:00
rfapi Revert "lib: register bgp link-state afi/safi" 2023-10-11 05:02:54 +00:00
rfp-example *: Convert struct event_master to struct event_loop 2023-03-24 08:32:17 -04:00
.gitignore
bgp_addpath_types.h bgpd: Implement neighbor X addpath-tx-best-selected command 2023-06-07 22:27:29 +03:00
bgp_addpath.c bgpd: Implement neighbor X addpath-tx-best-selected command 2023-06-07 22:27:29 +03:00
bgp_addpath.h bgpd: Implement neighbor X addpath-tx-best-selected command 2023-06-07 22:27:29 +03:00
bgp_advertise.c bgpd: Ensure send order is 100% consistent 2023-09-21 15:30:08 -04:00
bgp_advertise.h bgpd: bgp_adj_in_unset needs to return the dest pointer 2023-09-11 12:45:59 -04:00
bgp_aspath.c bgpd: Drop redundant assignment for aspath segment type and length 2023-10-05 22:46:54 +03:00
bgp_aspath.h bgpd: add set as-path exclude acl-list command 2023-08-07 12:30:34 +02:00
bgp_attr_evpn.c *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
bgp_attr_evpn.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
bgp_attr.c bgpd: Ignore handling NLRIs if we received MP_UNREACH_NLRI 2023-11-05 16:31:57 +00:00
bgp_attr.h bgpd: Ignore handling NLRIs if we received MP_UNREACH_NLRI 2023-11-05 16:31:57 +00:00
bgp_bfd.c bgpd: Move the peer->su to connection->su 2023-09-10 08:31:25 -04:00
bgp_bfd.h *: Convert struct event_master to struct event_loop 2023-03-24 08:32:17 -04:00
bgp_bmp.c bgpd: Move the peer->su to connection->su 2023-09-10 08:31:25 -04:00
bgp_bmp.h *: Rename struct thread to struct event 2023-03-24 08:32:17 -04:00
bgp_btoa.c Revert "lib: register bgp link-state afi/safi" 2023-10-11 05:02:54 +00:00
bgp_clist.c bgpd: add 'match community-list any' function 2023-10-02 15:24:18 +02:00
bgp_clist.h bgpd: add 'match community-list any' function 2023-10-02 15:24:18 +02:00
bgp_community_alias.c *: Add a hash_clean_and_free() function 2023-03-21 08:54:21 -04:00
bgp_community_alias.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
bgp_community.c bgpd: Remove deprecated COMMUNITY_INTERNET community 2023-08-03 17:12:19 +03:00
bgp_community.h bgpd: Remove deprecated COMMUNITY_INTERNET community 2023-08-03 17:12:19 +03:00
bgp_conditional_adv.c bgpd: Flush attrs only if we don't have to announce a conditional route 2023-11-21 15:50:13 +00:00
bgp_conditional_adv.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
bgp_damp.c bgpd: Initialise timebuf arrays to zeros for dampening reuse timer 2023-09-22 12:04:17 +03:00
bgp_damp.h *: Rename struct thread to struct event 2023-03-24 08:32:17 -04:00
bgp_debug.c Revert "bgpd: add linkstate debug" 2023-10-11 05:02:50 +00:00
bgp_debug.h Revert "bgpd: add linkstate debug" 2023-10-11 05:02:50 +00:00
bgp_dump.c bgpd: Move the peer->su to connection->su 2023-09-10 08:31:25 -04:00
bgp_dump.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
bgp_ecommunity.c Merge pull request #13882 from opensourcerouting/fix/dead_code 2023-07-01 14:33:07 -04:00
bgp_ecommunity.h Merge pull request #13722 from fdumontet6WIND/color_extcomm 2023-06-27 13:03:22 +03:00
bgp_encap_tlv.c *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
bgp_encap_tlv.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
bgp_encap_types.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
bgp_errors.c Revert "bgpd: store bgp link-state prefixes" 2023-10-11 05:02:52 +00:00
bgp_errors.h Revert "bgpd: store bgp link-state prefixes" 2023-10-11 05:02:52 +00:00
bgp_evpn_mh.c bgpd: bgp_evpn_es_route_del_all should not free dest until after looping 2023-09-11 12:45:59 -04:00
bgp_evpn_mh.h *: Rename struct thread to struct event 2023-03-24 08:32:17 -04:00
bgp_evpn_private.h bgpd: Convert from struct bgp_node to struct bgp_dest 2023-08-22 09:35:46 +08:00
bgp_evpn_vty.c *: Do not cast to the same type as the destination is 2023-09-29 10:24:16 +03:00
bgp_evpn_vty.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
bgp_evpn.c bgpd: Make debug a passed in variable for bgp_evpn_path_info_cmp 2023-09-19 15:51:05 -04:00
bgp_evpn.h bgpd: bgp_path_info_extra memory optimization 2023-08-08 10:48:07 +00:00
bgp_filter.c bgpd: add set as-path exclude acl-list command 2023-07-19 10:57:48 +02:00
bgp_filter.h bgpd: add set as-path exclude acl-list command 2023-07-19 10:57:48 +02:00
bgp_flowspec_private.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
bgp_flowspec_util.c bgpd: add some flowspec sanity returns 2023-04-28 22:28:16 +02:00
bgp_flowspec_util.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
bgp_flowspec_vty.c bgpd: bgp_path_info_extra memory optimization 2023-08-08 10:48:07 +00:00
bgp_flowspec.c bgpd: Free temp memory 2023-05-29 13:39:14 +04:00
bgp_flowspec.h bgpd: Treat withdraw variable as a bool 2023-04-06 17:41:32 -04:00
bgp_fsm.c bgpd: Set TCP MSS for the socket even if the session is set to passive 2023-09-18 15:42:06 +03:00
bgp_fsm.h bgpd: Convert bgp_fsm_nht_update to take a connection 2023-09-10 08:31:25 -04:00
bgp_io.c bgpd: bgp_fsm_change_status/BGP_TIMER_ON and BGP_EVENT_ADD 2023-09-10 08:31:25 -04:00
bgp_io.h bgpd: Convert bgp_io.c to take struct peer_connection 2023-08-18 09:29:04 -04:00
bgp_keepalives.c bgpd: make bgp_keepalives_on|off connection oriented 2023-09-10 08:31:25 -04:00
bgp_keepalives.h bgpd: make bgp_keepalives_on|off connection oriented 2023-09-10 08:31:25 -04:00
bgp_label.c bgpd: bgp_reg_for_label_callback ensure dest exist 2023-09-11 12:45:59 -04:00
bgp_label.h bgpd: add a function to compare two label lists 2023-06-16 10:54:58 +02:00
bgp_labelpool.c bgpd: replace ctime with ctime_r 2023-09-19 16:25:01 -04:00
bgp_labelpool.h bgpd: Use synchronous way to get labels from Zebra 2023-06-20 20:50:10 +03:00
bgp_lcommunity.c bgpd: Fix lcom->str string length to correctly cover aliases 2023-04-20 16:51:56 -04:00
bgp_lcommunity.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
bgp_mac.c bgpd: peer_established should be connection oriented 2023-09-10 08:31:25 -04:00
bgp_mac.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
bgp_main.c bgpd: Allow bgp to specify if it will allow v6 routing with v4 nexthops 2023-08-03 08:25:20 -04:00
bgp_memory.c bgpd: Move the peer->su to connection->su 2023-09-10 08:31:25 -04:00
bgp_memory.h bgpd: Move the peer->su to connection->su 2023-09-10 08:31:25 -04:00
bgp_mpath.c bgpd: bgp_path_info_extra memory optimization 2023-08-08 10:48:07 +00:00
bgp_mpath.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
bgp_mplsvpn_snmp.c bgpd: Coverity mistakenly believes we can fall through 2023-04-21 07:57:19 -04:00
bgp_mplsvpn_snmp.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
bgp_mplsvpn.c bgpd: Ecommunity_dup memory leak fix 2023-10-13 15:48:26 +00:00
bgp_mplsvpn.h bgpd: fix vpn import from local vrf with no retain 2023-09-12 15:17:37 +02:00
bgp_network.c bgpd: Set the TTL for the correct socket 2023-09-25 22:25:32 +03:00
bgp_network.h bgpd: Set TCP min MSS per listener 2023-09-18 22:34:45 +03:00
bgp_nexthop.c bgpd: replace ctime with ctime_r 2023-09-19 16:25:01 -04:00
bgp_nexthop.h bgpd: rename bnc->ifindex to bnc->ifindex_ipv6_ll 2023-07-13 12:05:15 +02:00
bgp_nht.c bgpd: Move the peer->su to connection->su 2023-09-10 08:31:25 -04:00
bgp_nht.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
bgp_open.c bgpd: Set the software version capability received flag only after a validation 2023-11-09 16:03:01 +02:00
bgp_open.h bgpd: Move BGP_CAP_LLGR_MIN_PACKET_LEN to headers file 2023-09-13 11:30:47 +03:00
bgp_packet.c bgpd: Ignore handling NLRIs if we received MP_UNREACH_NLRI 2023-11-05 16:31:57 +00:00
bgp_packet.h bgpd: First pass of BGP_EVENT_ADD 2023-09-10 08:31:25 -04:00
bgp_pbr.c bgpd: bgp_path_info_extra memory optimization 2023-08-08 10:48:07 +00:00
bgp_pbr.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
bgp_rd.c Merge pull request #12248 from pguibert6WIND/bgpasdot 2023-02-21 08:01:03 -05:00
bgp_rd.h Merge pull request #12248 from pguibert6WIND/bgpasdot 2023-02-21 08:01:03 -05:00
bgp_regex.c *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
bgp_regex.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
bgp_route.c Revert "lib: register bgp link-state afi/safi" 2023-10-11 05:02:54 +00:00
bgp_route.h bgpd: Use proper AFI when dumping information for dampening stuff 2023-09-22 12:04:17 +03:00
bgp_routemap_nb_config.c bgpd: add 'match community-list any' function 2023-10-02 15:24:18 +02:00
bgp_routemap_nb.c bgpd: add 'match community-list any' function 2023-10-02 15:24:18 +02:00
bgp_routemap_nb.h bgpd: add 'match community-list any' function 2023-10-02 15:24:18 +02:00
bgp_routemap.c bgpd: add 'match community-list any' function 2023-10-02 15:24:18 +02:00
bgp_rpki.c bgpd: peer_established should be connection oriented 2023-09-10 08:31:25 -04:00
bgp_rpki.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
bgp_script.c bgpd: Convert struct peer_connection to dynamically allocated 2023-08-18 09:29:04 -04:00
bgp_script.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
bgp_snmp_bgp4.c bgpd: fix pointer arithmetic in bgp snmp module 2023-09-21 13:30:06 -04:00
bgp_snmp_bgp4.h *: Convert struct event_master to struct event_loop 2023-03-24 08:32:17 -04:00
bgp_snmp_bgp4v2.c bgpd: fix build error 2023-11-12 09:08:05 +00:00
bgp_snmp_bgp4v2.h bgpd: snmp MIB bgp4v2 fix indexes in OID 2023-09-19 14:26:41 +02:00
bgp_snmp.c *: Convert event.h to frrevent.h 2023-03-24 08:32:17 -04:00
bgp_snmp.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
bgp_table.c Revert "bgpd: store bgp link-state prefixes" 2023-10-11 05:02:52 +00:00
bgp_table.h bgpd: bgp_clear_adj_in|remove dest may be freed 2023-09-10 12:14:00 -04:00
bgp_trace.c *: make sure config.h or zebra.h is first 2021-04-23 12:06:35 +02:00
bgp_trace.h bgpd: Convert bgp_io.c to take struct peer_connection 2023-08-18 09:29:04 -04:00
bgp_updgrp_adv.c bgpd: bgp_fsm_change_status/BGP_TIMER_ON and BGP_EVENT_ADD 2023-09-10 08:31:25 -04:00
bgp_updgrp_packet.c bgpd: Assign explicit-null for default-originate according to the AFI 2023-08-11 10:52:40 +03:00
bgp_updgrp.c bgpd: fix return of local from ctime_r 2023-09-21 08:20:49 -04:00
bgp_updgrp.h bgpd: Remove withdraw_low from system, it is never used 2023-07-21 12:46:31 -04:00
bgp_vnc_types.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
bgp_vpn.c *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
bgp_vpn.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
bgp_vty.c Revert "lib: register bgp link-state afi/safi" 2023-10-11 05:02:54 +00:00
bgp_vty.h Revert "bgpd: add show bgp link-state link-state commands" 2023-10-11 05:02:50 +00:00
bgp_zebra.c Revert "bgpd: do not announce link-state routes to zebra" 2023-10-11 05:02:51 +00:00
bgp_zebra.h bgpd: fix redistribute table command after bgp restarts 2023-08-29 11:37:18 +02:00
bgpd.c Revert "bgpd: add bgp link-state address-family configuration context" 2023-10-11 05:02:53 +00:00
bgpd.h Revert "lib: register bgp link-state afi/safi" 2023-10-11 05:02:54 +00:00
Makefile
subdir.am Revert "bgpd: store bgp link-state prefixes" 2023-10-11 05:02:52 +00:00