proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-07-27 06:50:25 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
34,961 Commits 4 Branches 191 Tags 125 MiB
C 71.4%
Python 26.5%
Perl 0.6%
M4 0.6%
Shell 0.3%
Other 0.4%
d7672a6496
Go to file
Louis Scalbert d7672a6496 isisd: fix heap-after-free with prefix sid 
> ==2334217==ERROR: AddressSanitizer: heap-use-after-free on address 0x61000001d0a0 at pc 0x563828c8de6f bp 0x7fffbdaee560 sp 0x7fffbdaee558
> READ of size 1 at 0x61000001d0a0 thread T0
>     #0 0x563828c8de6e in prefix_sid_cmp isisd/isis_spf.c:187
>     #1 0x7f84b8204f71 in hash_get lib/hash.c:142
>     #2 0x7f84b82055ec in hash_lookup lib/hash.c:184
>     #3 0x563828c8e185 in isis_spf_prefix_sid_lookup isisd/isis_spf.c:209
>     #4 0x563828c90642 in isis_spf_add2tent isisd/isis_spf.c:598
>     #5 0x563828c91cd0 in process_N isisd/isis_spf.c:824
>     #6 0x563828c93852 in isis_spf_process_lsp isisd/isis_spf.c:1041
>     #7 0x563828c98dde in isis_spf_loop isisd/isis_spf.c:1821
>     #8 0x563828c998de in isis_run_spf isisd/isis_spf.c:1983
>     #9 0x563828c99c7b in isis_run_spf_with_protection isisd/isis_spf.c:2009
>     #10 0x563828c9a60d in isis_run_spf_cb isisd/isis_spf.c:2090
>     #11 0x7f84b835c72d in event_call lib/event.c:2011
>     #12 0x7f84b8236d93 in frr_run lib/libfrr.c:1217
>     #13 0x563828c21918 in main isisd/isis_main.c:346
>     #14 0x7f84b7e4fd09 in __libc_start_main ../csu/libc-start.c:308
>     #15 0x563828c20df9 in _start (/usr/lib/frr/isisd+0xf5df9)
>
> 0x61000001d0a0 is located 96 bytes inside of 184-byte region [0x61000001d040,0x61000001d0f8)
> freed by thread T0 here:
>     #0 0x7f84b88a9b6f in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:123
>     #1 0x7f84b8263bae in qfree lib/memory.c:130
>     #2 0x563828c8e433 in isis_vertex_del isisd/isis_spf.c:249
>     #3 0x563828c91c95 in process_N isisd/isis_spf.c:811
>     #4 0x563828c93852 in isis_spf_process_lsp isisd/isis_spf.c:1041
>     #5 0x563828c98dde in isis_spf_loop isisd/isis_spf.c:1821
>     #6 0x563828c998de in isis_run_spf isisd/isis_spf.c:1983
>     #7 0x563828c99c7b in isis_run_spf_with_protection isisd/isis_spf.c:2009
>     #8 0x563828c9a60d in isis_run_spf_cb isisd/isis_spf.c:2090
>     #9 0x7f84b835c72d in event_call lib/event.c:2011
>     #10 0x7f84b8236d93 in frr_run lib/libfrr.c:1217
>     #11 0x563828c21918 in main isisd/isis_main.c:346
>     #12 0x7f84b7e4fd09 in __libc_start_main ../csu/libc-start.c:308
>
> previously allocated by thread T0 here:
>     #0 0x7f84b88aa037 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
>     #1 0x7f84b8263a6c in qcalloc lib/memory.c:105
>     #2 0x563828c8e262 in isis_vertex_new isisd/isis_spf.c:225
>     #3 0x563828c904db in isis_spf_add2tent isisd/isis_spf.c:588
>     #4 0x563828c91cd0 in process_N isisd/isis_spf.c:824
>     #5 0x563828c93852 in isis_spf_process_lsp isisd/isis_spf.c:1041
>     #6 0x563828c98dde in isis_spf_loop isisd/isis_spf.c:1821
>     #7 0x563828c998de in isis_run_spf isisd/isis_spf.c:1983
>     #8 0x563828c99c7b in isis_run_spf_with_protection isisd/isis_spf.c:2009
>     #9 0x563828c9a60d in isis_run_spf_cb isisd/isis_spf.c:2090
>     #10 0x7f84b835c72d in event_call lib/event.c:2011
>     #11 0x7f84b8236d93 in frr_run lib/libfrr.c:1217
>     #12 0x563828c21918 in main isisd/isis_main.c:346
>     #13 0x7f84b7e4fd09 in __libc_start_main ../csu/libc-start.c:308
>
> SUMMARY: AddressSanitizer: heap-use-after-free isisd/isis_spf.c:187 in prefix_sid_cmp
> Shadow bytes around the buggy address:
>   0x0c207fffb9c0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
>   0x0c207fffb9d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa
>   0x0c207fffb9e0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
>   0x0c207fffb9f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa
>   0x0c207fffba00: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
> =>0x0c207fffba10: fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fa
>   0x0c207fffba20: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
>   0x0c207fffba30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa
>   0x0c207fffba40: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
>   0x0c207fffba50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa
>   0x0c207fffba60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> Shadow byte legend (one shadow byte represents 8 application bytes):
>   Addressable:           00
>   Partially addressable: 01 02 03 04 05 06 07
>   Heap left redzone:       fa
>   Freed heap region:       fd
>   Stack left redzone:      f1
>   Stack mid redzone:       f2
>   Stack right redzone:     f3
>   Stack after return:      f5
>   Stack use after scope:   f8
>   Global redzone:          f9
>   Global init order:       f6
>   Poisoned by user:        f7
>   Container overflow:      fc
>   Array cookie:            ac
>   Intra object redzone:    bb
>   ASan internal:           fe
>   Left alloca redzone:     ca
>   Right alloca redzone:    cb
>   Shadow gap:              cc
> ==2334217==ABORTING

Fixes: 2f7cc7bcd3 ("isisd: detect Prefix-SID collisions and handle them appropriately")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
(cherry picked from commit e697de5843)
2024-05-23 20:08:26 +00:00
.github github: Mark the build as failed if 'do not merge' label is set 2023-12-22 10:29:52 +02:00
alpine docker: Fix post function for Alpine build (package) 2024-03-12 20:34:30 +00:00
babeld *: create a single registry of daemons' default port values 2024-02-01 11:40:02 -05:00
bfdd *: create a single registry of daemons' default port values 2024-02-01 11:40:02 -05:00
bgpd Merge pull request #16045 from FRRouting/mergify/bp/stable/10.0/pr-16033 2024-05-20 15:21:12 -04:00
debian debian, redhat, snapcraft: Libyang min version is 2.1.128 2024-04-17 15:11:31 +00:00
doc pimd: fix dr-priority range 2024-05-09 13:54:46 +00:00
docker docker: Do not use pip Python package manager 2024-03-12 20:34:30 +00:00
eigrpd *: create a single registry of daemons' default port values 2024-02-01 11:40:02 -05:00
fpm *: create a single registry of daemons' default port values 2024-02-01 11:40:02 -05:00
gdb lib: add simplified native msg support 2023-12-26 08:34:56 -05:00
grpc *: manual SPDX License ID conversions 2023-02-09 14:09:07 +01:00
include lib: Drop include/linux/mroute[6].h 2024-03-12 20:34:30 +00:00
isisd isisd: fix heap-after-free with prefix sid 2024-05-23 20:08:26 +00:00
ldpd *: create a single registry of daemons' default port values 2024-02-01 11:40:02 -05:00
lib lib: remove nb/yang memory cleanup when daemonizing 2024-05-17 10:23:11 +00:00
m4 build: add recursion limit for AX_RECURSIVE_EVAL 2024-01-27 19:01:19 +01:00
mgmtd mgmtd: change error message 2024-03-07 07:26:36 +00:00
mlag build: fix AM_LDFLAGS usage (and gcov) 2021-07-21 17:10:08 +02:00
nhrpd nhrp: fix race condition 2024-02-07 23:05:20 +00:00
ospf6d ospf6d: accept CLI no for point-to-multipoint 2024-05-04 14:07:55 +00:00
ospfclient *: Convert event.h to frrevent.h 2023-03-24 08:32:17 -04:00
ospfd Merge pull request #15952 from FRRouting/mergify/bp/stable/10.0/pr-15846 2024-05-08 14:47:26 +03:00
pathd *: create a single registry of daemons' default port values 2024-02-01 11:40:02 -05:00
pbrd *: create a single registry of daemons' default port values 2024-02-01 11:40:02 -05:00
pceplib Merge pull request #15215 from donaldsharp/pceplib_fixup 2024-01-25 09:59:59 +02:00
pimd pimd: fix order of operations for evaluating join 2024-05-09 13:54:47 +00:00
pkgsrc build: homologize path handling 2024-01-27 19:02:52 +01:00
python build: remove mgmtd exception from xref2vtysh 2024-01-28 23:28:40 +02:00
qpb qpb: Add missing #include nexthop.h 2024-02-10 00:44:50 +01:00
redhat debian, redhat, snapcraft: Libyang min version is 2.1.128 2024-04-17 15:11:31 +00:00
ripd ripd: fix "clear ip rip" command 2024-03-09 10:16:38 +00:00
ripngd ripngd: fix "clear ipv6 ripng" command 2024-03-09 10:16:38 +00:00
sharpd *: create a single registry of daemons' default port values 2024-02-01 11:40:02 -05:00
snapcraft debian, redhat, snapcraft: Libyang min version is 2.1.128 2024-04-17 15:11:31 +00:00
staticd Merge pull request #15285 from idryzhov/staticd-nexthop-refcounter 2024-02-08 15:53:30 -05:00
tests topotests: do not check table version 2024-05-17 11:22:30 +00:00
tools tools: Handle seq num for BGP as-path in frr-reload.py 2024-04-30 11:57:47 +00:00
vrrpd *: create a single registry of daemons' default port values 2024-02-01 11:40:02 -05:00
vtysh vtysh: Fix show route-map command when calling via do 2024-04-20 13:07:05 +00:00
watchfrr build: homologize path handling 2024-01-27 19:02:52 +01:00
yang pimd: fix dr-priority range 2024-05-09 13:54:46 +00:00
zebra zebra: Deny the routes if ip protocol CLI refers to an undefined rmap 2024-05-21 14:53:51 +00:00
.clang-format tools: add more libyang iter macros to .clang-format 2023-12-28 17:52:57 +00:00
.dockerignore docker: Make docker image on CentOS 7 2019-11-26 19:29:30 +00:00
.flake8 style: add format checker config that matches FRR style standards 2023-04-18 05:18:26 -04:00
.git-blame-ignore-revs tools: Ignore mass renaming of topotests for git blame 2021-05-11 14:14:26 +03:00
.gitignore tests: add YANG notification test 2024-01-30 14:54:47 -05:00
.isort.cfg style: add format checker config that matches FRR style standards 2023-04-18 05:18:26 -04:00
.pylintrc style: add format checker config that matches FRR style standards 2023-04-18 05:18:26 -04:00
.travis.yml lib: libyang2 add missed conversion 2021-05-17 22:13:59 -04:00
bootstrap.sh build: turn on automake warnings (& symlinks) 2021-04-21 15:42:37 +02:00
buildtest.sh build: update packaging & docs for dir changes 2024-01-27 19:01:19 +01:00
config.version.in build: carry --with-pkg-extra-version into tarballs 2018-10-24 15:11:50 +02:00
configure.ac FRR Release 10.0 2024-04-08 12:17:26 -05:00
COPYING *: sort out & explain licenses used in FRR 2023-02-09 12:46:13 +01:00
Makefile.am build: homologize path handling 2024-01-27 19:02:52 +01:00
README.md doc: Fix the link that points to Slack invitation in README 2022-03-24 13:13:37 +02:00
stamp-h.in Initial revision 2002-12-13 20:15:29 +00:00
version.h build: make builddir include path consistent 2021-04-21 15:42:33 +02:00

README.md

Icon

FRRouting

FRR is free software that implements and manages various IPv4 and IPv6 routing protocols. It runs on nearly all distributions of Linux and BSD and supports all modern CPU architectures.

FRR currently supports the following protocols:

  • BGP
  • OSPFv2
  • OSPFv3
  • RIPv1
  • RIPv2
  • RIPng
  • IS-IS
  • PIM-SM/MSDP
  • LDP
  • BFD
  • Babel
  • PBR
  • OpenFabric
  • VRRP
  • EIGRP (alpha)
  • NHRP (alpha)

Installation & Use

For source tarballs, see the releases page.

For Debian and its derivatives, use the APT repository at https://deb.frrouting.org/.

Instructions on building and installing from source for supported platforms may be found in the developer docs.

Once installed, please refer to the user guide for instructions on use.

Community

The FRRouting email list server is located here and offers the following public lists:

Topic List
Development dev@lists.frrouting.org
Users & Operators frog@lists.frrouting.org
Announcements announce@lists.frrouting.org

For chat, we currently use Slack. You can join by clicking the "Slack" link under the Participate section of our website.

Contributing

FRR maintains developer's documentation which contains the project workflow and expectations for contributors. Some technical documentation on project internals is also available.

We welcome and appreciate all contributions, no matter how small!

Security

To report security issues, please use our security mailing list:

security [at] lists.frrouting.org