[quagga-dev 4449] Re: bgpd crashes when a neighboring ospfd is stopped

Paul Jakma paul at clubi.ie
Thu Oct 19 23:44:04 BST 2006


A slightly better version - make peer_new() require struct bgp as an 
argument - attached.

regards,
-- 
Paul Jakma	paul at clubi.ie	paul at jakma.org	Key ID: 64A2FF6A
Fortune:
Aren't we lucky our documentation is so sparse no one can accuse us of being
inconsistent? 8)

 	- Rusty Russell on linux-kernel
-------------- next part --------------
? bgpd/DEADJOE
? bgpd/bgp_aspath.c.datasegs
Index: bgpd/ChangeLog
===================================================================
RCS file: /var/cvsroot/quagga/bgpd/ChangeLog,v
retrieving revision 1.120
diff -u -p -r1.120 ChangeLog
--- bgpd/ChangeLog	15 Oct 2006 23:50:16 -0000	1.120
+++ bgpd/ChangeLog	19 Oct 2006 22:41:49 -0000
@@ -1,5 +1,14 @@
 2006-10-15 Paul Jakma <paul.jakma at sun.com>
 
+	* bgpd.c: (peer_new) bgp element of peer absolutely must be
+	  filled in, make peer_new() require it as argument and update
+	  all callers. Fixes a crash reported by Yanek ... and Andrew
+	  Schorr where bgpd would crash in bgp_pcount_adjust trying to
+	  dereference the bgp member of bgp->peer_self, triggered
+	  through redistribution.
+
+2006-10-15 Paul Jakma <paul.jakma at sun.com>
+
 	* bgp_route.c: (bgp_table_stats_walker) NULL deref if table is
 	  empty, bgp_table_top may return NULL, Coverity CID#73.
 	* bgp_packet.c: (bgp_update_packet) adv->rn can not be NULL,
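
Review bot: The new peer_new entry lands under the existing "2006-10-15" header (the added "+2006-10-15 Paul Jakma" line only re-heads the older entries), while the diff itself is dated 19 Oct 2006; give this entry a header carrying the date of the change. The entry also still has one reporter's name as "Yanek ...", which should be completed before commit.
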
Index: bgpd/bgpd.c
===================================================================
RCS file: /var/cvsroot/quagga/bgpd/bgpd.c,v
retrieving revision 1.35
diff -u -p -r1.35 bgpd.c
--- bgpd/bgpd.c	19 Sep 2006 18:51:53 -0000	1.35
+++ bgpd/bgpd.c	19 Oct 2006 22:41:49 -0000
@@ -765,7 +765,7 @@ peer_unlock (struct peer *peer)
   
 /* Allocate new peer object, implicitely locked.  */
 static struct peer *
-peer_new ()
+peer_new (struct bgp *bgp)
 {
   afi_t afi;
   safi_t safi;
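
Review bot: The comment above peer_new still says only "Allocate new peer object, implicitely locked." and does not mention the new argument; since the ChangeLog states the bgp element "absolutely must be filled in", document here that bgp is required and must be non-NULL, and correct the spelling to "implicitly" while the line is being touched.
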
@@ -783,6 +783,7 @@ peer_new ()
   peer->status = Idle;
   peer->ostatus = Idle;
   peer->weight = 0;
+  peer->bgp = bgp;
   peer = peer_lock (peer); /* initial reference */
 
   /* Set default flags.  */
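
Review bot: "peer->bgp = bgp;" stores the pointer unchecked, so a caller that passes NULL still ends up with peer->bgp NULL and the same dereference the ChangeLog describes in bgp_pcount_adjust. An assert (bgp != NULL) at the top of peer_new would enforce the requirement that the signature change is meant to express.
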
@@ -821,8 +822,7 @@ peer_create (union sockunion *su, struct
   struct peer *peer;
   char buf[SU_ADDRSTRLEN];
 
-  peer = peer_new ();
-  peer->bgp = bgp;
+  peer = peer_new (bgp);
   peer->su = *su;
   peer->local_as = local_as;
   peer->as = remote_as;
@@ -868,8 +868,7 @@ peer_create_accept (struct bgp *bgp)
 {
   struct peer *peer;
 
-  peer = peer_new ();
-  peer->bgp = bgp;
+  peer = peer_new (bgp);
   
   peer = peer_lock (peer); /* bgp peer list reference */
   listnode_add_sort (bgp->peer, peer);
@@ -1344,11 +1343,10 @@ peer_group_get (struct bgp *bgp, const c
   group->bgp = bgp;
   group->name = strdup (name);
   group->peer = list_new ();
-  group->conf = peer_new ();
+  group->conf = peer_new (bgp);
   if (! bgp_flag_check (bgp, BGP_FLAG_NO_DEFAULT_IPV4))
     group->conf->afc[AFI_IP][SAFI_UNICAST] = 1;
   group->conf->host = strdup (name);
-  group->conf->bgp = bgp;
   group->conf->group = group;
   group->conf->as = 0; 
   group->conf->ttl = 1;
@@ -1883,7 +1881,7 @@ bgp_create (as_t *as, const char *name)
   if ( (bgp = XCALLOC (MTYPE_BGP, sizeof (struct bgp))) == NULL)
     return NULL;
   
-  bgp->peer_self = peer_new ();
+  bgp->peer_self = peer_new (bgp);
   bgp->peer_self->host = strdup ("Static announcement");
 
   bgp->peer = list_new ();
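
Review bot: In bgp_create, peer_new (bgp) now receives a struct bgp that has only just come back from XCALLOC, before "bgp->peer = list_new ();" and the rest of the setup have run. peer_new must therefore only store the pointer and never read through it; a short comment at this call site saying so would guard against later changes to peer_new that assume a fully initialised bgp.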