Commit e613e12

bgpd: Ensure that the correct aspath is free'd
Currently in subgroup_default_originate the attr.aspath is set in bgp_attr_default_set, which hashes the aspath and creates a refcount for it. If this is a withdraw, the subgroup_announce_check and bgp_adj_out_set_subgroup are called, which will intern the attribute. This will cause the attr.aspath to be set to a new value. Finally, at the bottom of the function it intentionally uninterns the aspath, which is not the one that was created for this function. This reduces the other aspath's refcount by 1, and if a clear bgp * is issued fast enough the aspath for that will be removed and the system will crash.

Signed-off-by: Donald Sharp <sharpd@nvidia.com>

1 parent 75bd271 commit e613e12

1 file changed: +3 -1 lines changed
bgpd/bgp_updgrp_adv.c

Lines changed: 3 additions & 1 deletion
@@ -854,6 +854,7 @@ void subgroup_default_originate(struct update_subgroup *subgrp, bool withdraw)
854854
struct bgp *bgp;
855855
struct attr attr;
856856
struct attr *new_attr = &attr;
857+
struct aspath *aspath;
857858
struct prefix p;
858859
struct peer *from;
859860
struct bgp_dest *dest;
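
Review bot: the new local at line 857, `struct aspath *aspath;`, is declared without an initializer and is not assigned until line 895, yet its address is what gets passed to aspath_unintern at the bottom of the function. Consider `struct aspath *aspath = NULL;` at the declaration so that a later change which reaches the bottom of the function without passing line 895 does not hand an indeterminate pointer to the unintern call. A more specific name that says this is the aspath created for the default-originate attr would also help, since the function already has attr.aspath in scope.
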
@@ -891,6 +892,7 @@ void subgroup_default_originate(struct update_subgroup *subgrp, bool withdraw)
891892
/* make coverity happy */
892893
assert(attr.aspath);
893894

895+
aspath = attr.aspath;
894896
attr.med = 0;
895897
attr.flag |= ATTR_FLAG_BIT(BGP_ATTR_MULTI_EXIT_DISC);
896898

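Review bot: the assignment `aspath = attr.aspath;` at line 895 carries no comment, and without the commit message it reads as a redundant copy that a cleanup could fold back into attr.aspath. Add a short comment here stating that this is the reference this function took and must drop at the end, and that, per the commit message, attr.aspath can be replaced later when the attribute is interned on the withdraw path.
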
@@ -1046,7 +1048,7 @@ void subgroup_default_originate(struct update_subgroup *subgrp, bool withdraw)
10461048
}
10471049
}
10481050

1049-
aspath_unintern(&attr.aspath);
1051+
aspath_unintern(&aspath);
10501052
}
10511053

10521054
/*
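
Review bot: at line 1051 the call now takes `&aspath`, so anything aspath_unintern writes back through that argument lands on the local, and attr.aspath is left as it was, pointing at whichever aspath the later interning gave it. That is harmless while the function ends on the next line, as it does here, but a one-line comment that attr.aspath must not be used or uninterned after this point would protect the fix. A regression test that runs the withdraw path and then issues clear bgp *, the sequence the commit message says crashes, would be worth adding alongside it.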