[quagga-dev 11327] [PATCH 1/6] bgpd: fix some bgp_update_main() attribute leaks

David Lamparter equinox at opensourcerouting.org
Wed Jun 4 00:13:00 BST 2014


bgp_update_main() wasn't doing anything to release attribute values
set from route maps for two of its error paths.  To fix, pull up the
appropriate cleanup from further down and apply it here.

bgp_update_rsclient() doesn't have the issue since it immediately
does bgp_attr_intern() on the results from bgp_{export,import}_modifier.

Signed-off-by: David Lamparter <equinox at opensourcerouting.org>
---
 bgpd/bgp_route.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c
index a919b54..2ff09ea 100644
--- a/bgpd/bgp_route.c
+++ b/bgpd/bgp_route.c
@@ -713,11 +713,8 @@ bgp_input_modifier (struct peer *peer, struct prefix *p, struct attr *attr,
       peer->rmap_type = 0;
 
       if (ret == RMAP_DENYMATCH)
-	{
-	  /* Free newly generated AS path and community by route-map. */
-	  bgp_attr_flush (attr);
-	  return RMAP_DENY;
-	}
+	/* caller has multiple error paths with bgp_attr_flush() */
+	return RMAP_DENY;
     }
   return RMAP_PERMIT;
 }
@@ -2143,10 +2140,14 @@ bgp_update_main (struct peer *peer, struct prefix *p, struct attr *attr,
   new_attr.extra = &new_extra;
   bgp_attr_dup (&new_attr, attr);
 
-  /* Apply incoming route-map. */
+  /* Apply incoming route-map.
+   * NB: new_attr may now contain newly allocated values from route-map "set"
+   * commands, so we need bgp_attr_flush in the error paths, until we intern
+   * the attr (which takes over the memory references) */
   if (bgp_input_modifier (peer, p, &new_attr, afi, safi) == RMAP_DENY)
     {
       reason = "route-map;";
+      bgp_attr_flush (&new_attr);
       goto filtered;
     }
 
@@ -2160,6 +2161,7 @@ bgp_update_main (struct peer *peer, struct prefix *p, struct attr *attr,
 	  && ! CHECK_FLAG (peer->flags, PEER_FLAG_DISABLE_CONNECTED_CHECK))
 	{
 	  reason = "non-connected next-hop;";
+	  bgp_attr_flush (&new_attr);
 	  goto filtered;
 	}
 
@@ -2170,6 +2172,7 @@ bgp_update_main (struct peer *peer, struct prefix *p, struct attr *attr,
 	  || bgp_nexthop_self (&new_attr))
 	{
 	  reason = "martian next-hop;";
+	  bgp_attr_flush (&new_attr);
 	  goto filtered;
 	}
     }
-- 
1.8.5.5





More information about the Quagga-dev mailing list