proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-08-03 15:16:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
33,879 Commits 4 Branches 191 Tags 125 MiB
C 71.4%
Python 26.5%
Perl 0.6%
M4 0.6%
Shell 0.3%
Other 0.4%
9561f9671d
Go to file
Louis Scalbert 9561f9671d bgpd: fix bgp_best_selection heap-use-after-free 
Fix bgp_best_selection heap-use-after-free

> ==2521540==ERROR: AddressSanitizer: heap-use-after-free on address 0x60d000032810 at pc 0x000000716f45 bp 0x7ffedc6229d0 sp 0x7ffedc6229c8
> READ of size 8 at 0x60d000032810 thread T0
>     #0 0x716f44 in bgp_best_selection /home/lscalber/git/frr/bgpd/bgp_route.c:2834:5
>     #1 0x71a05e in bgp_process_main_one /home/lscalber/git/frr/bgpd/bgp_route.c:3344:2
>     #2 0x71c265 in bgp_process_wq /home/lscalber/git/frr/bgpd/bgp_route.c:3622:3
>     #3 0x7fe630a6669c in work_queue_run /home/lscalber/git/frr/lib/workqueue.c:282:10
>     #4 0x7fe630a294e2 in event_call /home/lscalber/git/frr/lib/event.c:1974:2
>     #5 0x7fe630898f3f in frr_run /home/lscalber/git/frr/lib/libfrr.c:1214:3
>     #6 0x4f4ace in main /home/lscalber/git/frr/bgpd/bgp_main.c:510:2
>     #7 0x7fe63018bd09 in __libc_start_main csu/../csu/libc-start.c:308:16
>     #8 0x449629 in _start (/usr/lib/frr/bgpd+0x449629)
>
> 0x60d000032810 is located 48 bytes inside of 144-byte region [0x60d0000327e0,0x60d000032870)
> freed by thread T0 here:
>     #0 0x4c341d in free (/usr/lib/frr/bgpd+0x4c341d)
>     #1 0x7fe6308d7420 in qfree /home/lscalber/git/frr/lib/memory.c:130:2
>     #2 0x702632 in bgp_path_info_free_with_caller /home/lscalber/git/frr/bgpd/bgp_route.c:300:2
>     #3 0x702023 in bgp_path_info_unlock /home/lscalber/git/frr/bgpd/bgp_route.c:315:3
>     #4 0x703bc6 in bgp_path_info_reap /home/lscalber/git/frr/bgpd/bgp_route.c:461:2
>     #5 0x716e5d in bgp_best_selection /home/lscalber/git/frr/bgpd/bgp_route.c:2829:12
>     #6 0x71a05e in bgp_process_main_one /home/lscalber/git/frr/bgpd/bgp_route.c:3344:2
>     #7 0x71c265 in bgp_process_wq /home/lscalber/git/frr/bgpd/bgp_route.c:3622:3
>     #8 0x7fe630a6669c in work_queue_run /home/lscalber/git/frr/lib/workqueue.c:282:10
>     #9 0x7fe630a294e2 in event_call /home/lscalber/git/frr/lib/event.c:1974:2
>     #10 0x7fe630898f3f in frr_run /home/lscalber/git/frr/lib/libfrr.c:1214:3
>     #11 0x4f4ace in main /home/lscalber/git/frr/bgpd/bgp_main.c:510:2
>     #12 0x7fe63018bd09 in __libc_start_main csu/../csu/libc-start.c:308:16
>
> previously allocated by thread T0 here:
>     #0 0x4c3812 in calloc (/usr/lib/frr/bgpd+0x4c3812)
>     #1 0x7fe6308d7178 in qcalloc /home/lscalber/git/frr/lib/memory.c:105:27
>     #2 0x71f5b4 in info_make /home/lscalber/git/frr/bgpd/bgp_route.c:3985:8
>     #3 0x725293 in bgp_update /home/lscalber/git/frr/bgpd/bgp_route.c:4881:8
>     #4 0x73083d in bgp_nlri_parse_ip /home/lscalber/git/frr/bgpd/bgp_route.c:6230:4
>     #5 0x6ba980 in bgp_nlri_parse /home/lscalber/git/frr/bgpd/bgp_packet.c:341:10
>     #6 0x6cca2a in bgp_update_receive /home/lscalber/git/frr/bgpd/bgp_packet.c:2412:15
>     #7 0x6c6788 in bgp_process_packet /home/lscalber/git/frr/bgpd/bgp_packet.c:3887:11
>     #8 0x7fe630a294e2 in event_call /home/lscalber/git/frr/lib/event.c:1974:2
>     #9 0x7fe630898f3f in frr_run /home/lscalber/git/frr/lib/libfrr.c:1214:3
>     #10 0x4f4ace in main /home/lscalber/git/frr/bgpd/bgp_main.c:510:2
>     #11 0x7fe63018bd09 in __libc_start_main csu/../csu/libc-start.c:308:16

Fixes: ddb5b4880b ("bgpd: vpn-vrf route leaking")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
2023-11-28 16:19:39 +01:00
.github github: Add rebase label on PR if it's > 50 commits behind 2023-05-09 09:37:23 +03:00
alpine docker: Use openssl instead of libressl 2023-07-31 11:04:30 +03:00
babeld *: convert struct interface->connected to DLIST 2023-11-22 23:00:30 +01:00
bfdd *: Let's use the native IFNAMSIZ instead of INTERFACE_NAMSIZ 2023-11-21 08:08:29 -05:00
bgpd bgpd: fix bgp_best_selection heap-use-after-free 2023-11-28 16:19:39 +01:00
debian redhat, debian: Update release notes for 9.1 release 2023-11-27 08:51:59 +02:00
doc docker: fix typos in docs for ubuntu20-ci and ubuntu22-ci 2023-11-26 19:21:49 +03:00
docker docker: fix typos in docs for ubuntu20-ci and ubuntu22-ci 2023-11-26 19:21:49 +03:00
eigrpd Merge pull request #14867 from opensourcerouting/zclient-options-cleanup 2023-11-25 09:15:07 -05:00
fpm *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
gdb *: Rename thread.[ch] to event.[ch] 2023-03-24 08:32:16 -04:00
grpc *: manual SPDX License ID conversions 2023-02-09 14:09:07 +01:00
include bgpd,lib,sharpd,zebra: srv6 introduce multiple segs/SIDs in nexthop 2023-09-20 15:07:15 +02:00
isisd Merge pull request #14867 from opensourcerouting/zclient-options-cleanup 2023-11-25 09:15:07 -05:00
ldpd Merge pull request #14867 from opensourcerouting/zclient-options-cleanup 2023-11-25 09:15:07 -05:00
lib Merge pull request #14867 from opensourcerouting/zclient-options-cleanup 2023-11-25 09:15:07 -05:00
m4 build: fix sed regex in Lua macro 2022-12-08 12:39:17 +01:00
mgmtd Merge pull request #14858 from idryzhov/mgmtd-error-msg 2023-11-23 08:09:45 +02:00
mlag build: fix AM_LDFLAGS usage (and gcov) 2021-07-21 17:10:08 +02:00
nhrpd *: convert struct interface->connected to DLIST 2023-11-22 23:00:30 +01:00
ospf6d *: convert struct interface->connected to DLIST 2023-11-22 23:00:30 +01:00
ospfclient *: Convert event.h to frrevent.h 2023-03-24 08:32:17 -04:00
ospfd Merge pull request #14867 from opensourcerouting/zclient-options-cleanup 2023-11-25 09:15:07 -05:00
pathd *: add zclient_options_sync 2023-11-23 15:20:13 +01:00
pbrd pbrd: replace receive_notify with request 2023-11-23 14:57:36 +01:00
pceplib *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
pimd Merge pull request #14867 from opensourcerouting/zclient-options-cleanup 2023-11-25 09:15:07 -05:00
pkgsrc mgmtd: Bringup MGMTD daemon and datastore module support 2023-03-21 22:08:32 -04:00
python [ospfd]: add support for RFC 5709 HMAC-SHA Auth 2023-09-16 07:38:23 +03:30
qpb mgmtd: Bringup MGMTD daemon and datastore module support 2023-03-21 22:08:32 -04:00
redhat redhat, debian: Update release notes for 9.1 release 2023-11-27 08:51:59 +02:00
ripd *: convert struct interface->connected to DLIST 2023-11-22 23:00:30 +01:00
ripngd *: convert struct interface->connected to DLIST 2023-11-22 23:00:30 +01:00
sharpd sharpd: replace receive_notify with request 2023-11-23 14:57:58 +01:00
snapcraft snapcraft: Use libyang 2.1.80 2023-07-20 21:46:38 +03:00
staticd staticd: replace receive_notify with request 2023-11-23 14:59:09 +01:00
tests tests: bgp_snmp_bgp4v2mib fix some random failure 2023-11-22 07:24:00 +00:00
tools *: convert struct interface->connected to DLIST 2023-11-22 23:00:30 +01:00
vrrpd *: convert struct interface->connected to DLIST 2023-11-22 23:00:30 +01:00
vtysh vtysh: clean vtysh_file_locked when exiting config node 2023-11-17 03:16:36 +01:00
watchfrr watchfrr: Extend ignore option to daemon being killed 2023-10-18 14:30:03 -04:00
yang bgpd: Enable enforce-first-as by default 2023-10-27 14:27:02 +03:00
zebra Merge pull request #14867 from opensourcerouting/zclient-options-cleanup 2023-11-25 09:15:07 -05:00
.clang-format *: convert struct interface->connected to DLIST 2023-11-22 23:00:30 +01:00
.dockerignore docker: Make docker image on CentOS 7 2019-11-26 19:29:30 +00:00
.flake8 style: add format checker config that matches FRR style standards 2023-04-18 05:18:26 -04:00
.git-blame-ignore-revs tools: Ignore mass renaming of topotests for git blame 2021-05-11 14:14:26 +03:00
.gitignore doc: configure: add configure option to generate .ccls file 2023-05-18 09:32:32 -04:00
.isort.cfg style: add format checker config that matches FRR style standards 2023-04-18 05:18:26 -04:00
.pylintrc style: add format checker config that matches FRR style standards 2023-04-18 05:18:26 -04:00
.travis.yml lib: libyang2 add missed conversion 2021-05-17 22:13:59 -04:00
bootstrap.sh build: turn on automake warnings (& symlinks) 2021-04-21 15:42:37 +02:00
buildtest.sh *: manual SPDX License ID conversions 2023-02-09 14:09:07 +01:00
config.version.in build: carry --with-pkg-extra-version into tarballs 2018-10-24 15:11:50 +02:00
configure.ac *: Remove APPLE #defines from build 2023-11-07 06:46:19 -05:00
COPYING *: sort out & explain licenses used in FRR 2023-02-09 12:46:13 +01:00
Makefile.am build: clean up mgmtd lib protobuf make syntax 2023-03-27 16:44:27 -04:00
README.md doc: Fix the link that points to Slack invitation in README 2022-03-24 13:13:37 +02:00
stamp-h.in Initial revision 2002-12-13 20:15:29 +00:00
version.h build: make builddir include path consistent 2021-04-21 15:42:33 +02:00

README.md

Icon

FRRouting

FRR is free software that implements and manages various IPv4 and IPv6 routing protocols. It runs on nearly all distributions of Linux and BSD and supports all modern CPU architectures.

FRR currently supports the following protocols:

  • BGP
  • OSPFv2
  • OSPFv3
  • RIPv1
  • RIPv2
  • RIPng
  • IS-IS
  • PIM-SM/MSDP
  • LDP
  • BFD
  • Babel
  • PBR
  • OpenFabric
  • VRRP
  • EIGRP (alpha)
  • NHRP (alpha)

Installation & Use

For source tarballs, see the releases page.

For Debian and its derivatives, use the APT repository at https://deb.frrouting.org/.

Instructions on building and installing from source for supported platforms may be found in the developer docs.

Once installed, please refer to the user guide for instructions on use.

Community

The FRRouting email list server is located here and offers the following public lists:

Topic List
Development dev@lists.frrouting.org
Users & Operators frog@lists.frrouting.org
Announcements announce@lists.frrouting.org

For chat, we currently use Slack. You can join by clicking the "Slack" link under the Participate section of our website.

Contributing

FRR maintains developer's documentation which contains the project workflow and expectations for contributors. Some technical documentation on project internals is also available.

We welcome and appreciate all contributions, no matter how small!

Security

To report security issues, please use our security mailing list:

security [at] lists.frrouting.org