ligang/vpp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

linux-cp: fix crash on processing dump of routes

Browse Source 
nl_route_add() recently started to use its optional argument to check
whether replace flag is set for the message. When notification messages
are processed, the argument is a pointer to the corresponding message
info. However, when dump replies are processed, the argument is a null
pointer. This leads to null pointer dereference and crash when dump of
routes is processed.

With this fix, check for replace flag only if message info was passed
to nl_route_add(). Otherwise, assume the flag is not set. Dump replies
do not have it set.

Type: fix
Change-Id: Icb04a1146e09cc965b623018c28f91b347be0eab
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
This commit is contained in:
Alexander Chernavin
2023-07-11 11:10:48 +00:00
committed by Matthew Smith
parent cf1880284c
commit df4d342d76
1 changed files with 10 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/plugins/linux-cp/lcp_nl.c
+10 -3
View File
@@ -205,10 +205,17 @@ nl_route_del (struct rtnl_route *rr, void *arg)
static void
nl_route_add (struct rtnl_route *rr, void *arg)
{
nl_msg_info_t *msg_info = (nl_msg_info_t *) arg;
struct nlmsghdr *nlh = nlmsg_hdr (msg_info->msg);
int is_replace = 0;
FOREACH_VFT_CTX (nvl_rt_route_add, rr, (nlh->nlmsg_flags & NLM_F_REPLACE));
if (arg)
{
nl_msg_info_t *msg_info = (nl_msg_info_t *) arg;
struct nlmsghdr *nlh = nlmsg_hdr (msg_info->msg);
is_replace = (nlh->nlmsg_flags & NLM_F_REPLACE);
}
FOREACH_VFT_CTX (nvl_rt_route_add, rr, is_replace);
}
static void