mirror of
https://git.proxmox.com/git/mirror_frr
synced 2025-04-28 21:20:48 +00:00
6188d70c21
The loading_done event needs a event pointer to prevent
use after free's. Testing found this:
ERROR: AddressSanitizer: heap-use-after-free on address 0x613000035130 at pc 0x55ad42d54e5f bp 0x7ffff1e942a0 sp 0x7ffff1e94290
READ of size 1 at 0x613000035130 thread T0
#0 0x55ad42d54e5e in loading_done ospf6d/ospf6_neighbor.c:447
#1 0x55ad42ed7be4 in event_call lib/event.c:1995
#2 0x55ad42e1df75 in frr_run lib/libfrr.c:1213
#3 0x55ad42cf332e in main ospf6d/ospf6_main.c:250
#4 0x7f5798133c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
#5 0x55ad42cf2b19 in _start (/usr/lib/frr/ospf6d+0x248b19)
0x613000035130 is located 48 bytes inside of 384-byte region [0x613000035100,0x613000035280)
freed by thread T0 here:
#0 0x7f57998d77a8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7a8)
#1 0x55ad42e3b4b6 in qfree lib/memory.c:130
#2 0x55ad42d5d049 in ospf6_neighbor_delete ospf6d/ospf6_neighbor.c:180
#3 0x55ad42d1e1ea in interface_down ospf6d/ospf6_interface.c:930
#4 0x55ad42ed7be4 in event_call lib/event.c:1995
#5 0x55ad42ed84fe in _event_execute lib/event.c:2086
#6 0x55ad42d26d7b in ospf6_interface_clear ospf6d/ospf6_interface.c:2847
#7 0x55ad42d73f16 in ospf6_process_reset ospf6d/ospf6_top.c:755
#8 0x55ad42d7e98c in clear_router_ospf6_magic ospf6d/ospf6_top.c:778
#9 0x55ad42d7e98c in clear_router_ospf6 ospf6d/ospf6_top_clippy.c:42
#10 0x55ad42dc2665 in cmd_execute_command_real lib/command.c:994
#11 0x55ad42dc2b32 in cmd_execute_command lib/command.c:1053
#12 0x55ad42dc2fa9 in cmd_execute lib/command.c:1221
#13 0x55ad42ee3cd6 in vty_command lib/vty.c:591
#14 0x55ad42ee4170 in vty_execute lib/vty.c:1354
#15 0x55ad42eec94f in vtysh_read lib/vty.c:2362
#16 0x55ad42ed7be4 in event_call lib/event.c:1995
#17 0x55ad42e1df75 in frr_run lib/libfrr.c:1213
#18 0x55ad42cf332e in main ospf6d/ospf6_main.c:250
#19 0x7f5798133c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
previously allocated by thread T0 here:
#0 0x7f57998d7d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
#1 0x55ad42e3ab22 in qcalloc lib/memory.c:105
#2 0x55ad42d5c8ff in ospf6_neighbor_create ospf6d/ospf6_neighbor.c:119
#3 0x55ad42d4c86a in ospf6_hello_recv ospf6d/ospf6_message.c:464
#4 0x55ad42d4c86a in ospf6_read_helper ospf6d/ospf6_message.c:1884
#5 0x55ad42d4c86a in ospf6_receive ospf6d/ospf6_message.c:1925
#6 0x55ad42ed7be4 in event_call lib/event.c:1995
#7 0x55ad42e1df75 in frr_run lib/libfrr.c:1213
#8 0x55ad42cf332e in main ospf6d/ospf6_main.c:250
#9 0x7f5798133c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
Add an actual event pointer and just track it appropriately.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
|
||
|---|---|---|
| .. | ||
| .gitignore | ||
| Makefile | ||
| ospf6_abr.c | ||
| ospf6_abr.h | ||
| ospf6_area.c | ||
| ospf6_area.h | ||
| ospf6_asbr.c | ||
| ospf6_asbr.h | ||
| ospf6_auth_trailer.c | ||
| ospf6_auth_trailer.h | ||
| ospf6_bfd.c | ||
| ospf6_bfd.h | ||
| ospf6_flood.c | ||
| ospf6_flood.h | ||
| ospf6_gr_helper.c | ||
| ospf6_gr.c | ||
| ospf6_gr.h | ||
| ospf6_interface.c | ||
| ospf6_interface.h | ||
| ospf6_intra.c | ||
| ospf6_intra.h | ||
| ospf6_lsa.c | ||
| ospf6_lsa.h | ||
| ospf6_lsdb.c | ||
| ospf6_lsdb.h | ||
| ospf6_main.c | ||
| ospf6_message.c | ||
| ospf6_message.h | ||
| ospf6_neighbor.c | ||
| ospf6_neighbor.h | ||
| ospf6_network.c | ||
| ospf6_network.h | ||
| ospf6_nssa.c | ||
| ospf6_nssa.h | ||
| ospf6_proto.c | ||
| ospf6_proto.h | ||
| ospf6_route.c | ||
| ospf6_route.h | ||
| ospf6_routemap_nb_config.c | ||
| ospf6_routemap_nb.c | ||
| ospf6_routemap_nb.h | ||
| ospf6_snmp.c | ||
| ospf6_spf.c | ||
| ospf6_spf.h | ||
| ospf6_top.c | ||
| ospf6_top.h | ||
| ospf6_zebra.c | ||
| ospf6_zebra.h | ||
| ospf6d.c | ||
| ospf6d.h | ||
| README | ||
| subdir.am | ||
Zebra OSPF daemon for IPv6 network
2003/08/18
README for newer code is not yet. General usage should remain
the same. For further usage, see command helps by typing '?'
in vty, and then imagin ! ;p) Previous README contents follows.
Zebra OSPF daemon for IPv6 network
2001/12/20
Zebra OSPF6d is OSPF version 3 daemon which is specified by
"OSPF for IPv6" (RFC 2740).
*** NOTE ***
Zebra ospf6d is in development yet. It may lack some functionalities,
and may have some bugs. Use the latest version from the anoncvs
repository (http://www.zebra.org/cvs.html) !
This file README is like memo yet, so please feel free to ask
<yasu@sfc.wide.ad.jp> by E-mail. Patches will be appriciated.
ospf6d's vty port was default to 2606/tcp.
Use commands below.
VIEW NODE:
show ipv6 ospf6
To see Router-ID, uptime of ospf6d, some statistics.
show ipv6 ospf6 database ...
This command shows LSA database. You can specify
LS-type/LS-ID/Advertising-Router of LSAs. '*' is recognized.
show ipv6 ospf6 interface ...
To see the status of the OSPF interface, and the configuration
like interface costs.
show ipv6 ospf6 neighbor ...
Shows state of neighbors and choosed (Backup) DR on the I/F.
show ipv6 ospf6 route (X::X)
This command shows internal routing table of the ospf6d.
Routes not calculated by OSPFv3 (like connected routes)
are not shown. If Address is specified (X::X), shows the route
that the address matches.
show ipv6 ospf6 route redistribute (X::X)
Shows the routes advertised as AS-External routes by the router
itself. If Address is specified (X::X), shows the route
that the address matches.
CONFIG NODE:
interface NAME
To enter INTERFACE NODE
router ospf6 ...
To enter OSPF6 NODE
INTERFACE NODE:
ipv6 ospf6 cost COST
Sets the interface's output cost. Depends on interface bandwidth by default.
ipv6 ospf6 hello-interval HELLOINTERVAL
Sets the interface's Hello Interval. default 10
ipv6 ospf6 dead-interval DEADINTERVAL
Sets the interface's Router Dead Interval. default 40
ipv6 ospf6 retransmit-interval RETRANSMITINTERVAL
Sets the interface's Rxmt Interval. default 5
ipv6 ospf6 priority PRIORITY
Sets the interface's Router Priority. default 1
ipv6 ospf6 transmit-delay TRANSMITDELAY
Sets the interface's Inf-Trans-Delay. default 1
OSPF6 NODE:
router-id A.B.C.D
Sets the router's Router-ID
interface NAME area AREA
Binds interface to specified Area, and start
sending OSPFv3 packets.
auto-cost reference-bandwidth COST
Sets the reference bandwidth for cost calculations, where this
bandwidth is considered equivalent to an OSPF cost of 1, specified
in Mbits/s. The default is 100Mbit/s (i.e. a link of bandwidth
100Mbit/s or higher will have a cost of 1. Cost of lower bandwidth
links will be scaled with reference to this cost). This
configuration setting MUST be consistent across all routers within
the OSPF domain.
Sample configuration is in ospf6d.conf.sample.
--
Yasuhiro Ohara <yasu@sfc.wide.ad.jp>
Kunihiro Ishiguro <kunihiro@zebra.org>