From 4eaf14e1e3f07445b88b7775df12445cc8150d5f Mon Sep 17 00:00:00 2001 From: Donald Sharp Date: Tue, 19 Sep 2023 15:48:57 -0400 Subject: [PATCH 1/2] bgpd: Prevent use after free from coverity's perspective Prevent a use after free from coverity's perspective. A bgp node may have been freed. Signed-off-by: Donald Sharp --- bgpd/bgp_mplsvpn.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/bgpd/bgp_mplsvpn.c b/bgpd/bgp_mplsvpn.c index 9b5d56863619..00930dea6b8f 100644 --- a/bgpd/bgp_mplsvpn.c +++ b/bgpd/bgp_mplsvpn.c @@ -1179,12 +1179,13 @@ leak_update(struct bgp *to_bgp, struct bgp_dest *bn, /* Process change. */ bgp_aggregate_increment(to_bgp, p, bpi, afi, safi); bgp_process(to_bgp, bn, afi, safi); - bgp_dest_unlock_node(bn); if (debug) zlog_debug("%s: ->%s: %pBD Found route, changed attr", __func__, to_bgp->name_pretty, bn); + bgp_dest_unlock_node(bn); + return bpi; } From 250518f8c6b0e4904b5dcf6073fd3841ce7ff4d6 Mon Sep 17 00:00:00 2001 From: Donald Sharp Date: Tue, 19 Sep 2023 15:51:05 -0400 Subject: [PATCH 2/2] bgpd: Make debug a passed in variable for bgp_evpn_path_info_cmp Signed-off-by: Donald Sharp --- bgpd/bgp_evpn.c | 4 ++-- bgpd/bgp_route.c | 4 ++-- bgpd/bgp_route.h | 3 ++- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/bgpd/bgp_evpn.c b/bgpd/bgp_evpn.c index aa23f0676256..ad101f171a7f 100644 --- a/bgpd/bgp_evpn.c +++ b/bgpd/bgp_evpn.c @@ -1722,8 +1722,8 @@ static void bgp_evpn_get_sync_info(struct bgp *bgp, esi_t *esi, continue; } - if (bgp_evpn_path_info_cmp(bgp, tmp_pi, - second_best_path, &paths_eq)) + if (bgp_evpn_path_info_cmp(bgp, tmp_pi, second_best_path, + &paths_eq, false)) second_best_path = tmp_pi; } diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c index df3397af999e..1e4334ed5f43 100644 --- a/bgpd/bgp_route.c +++ b/bgpd/bgp_route.c @@ -1493,11 +1493,11 @@ int bgp_path_info_cmp(struct bgp *bgp, struct bgp_path_info *new, int bgp_evpn_path_info_cmp(struct bgp *bgp, struct bgp_path_info *new, - struct bgp_path_info *exist, int *paths_eq) + struct bgp_path_info *exist, int *paths_eq, + bool debug) { enum bgp_path_selection_reason reason; char pfx_buf[PREFIX2STR_BUFFER] = {}; - bool debug = false; if (debug) prefix2str(bgp_dest_get_prefix(new->net), pfx_buf, diff --git a/bgpd/bgp_route.h b/bgpd/bgp_route.h index 7470954bf7ae..54fad03e6d4e 100644 --- a/bgpd/bgp_route.h +++ b/bgpd/bgp_route.h @@ -896,7 +896,8 @@ extern bool bgp_update_martian_nexthop(struct bgp *bgp, afi_t afi, safi_t safi, uint8_t type, uint8_t stype, struct attr *attr, struct bgp_dest *dest); extern int bgp_evpn_path_info_cmp(struct bgp *bgp, struct bgp_path_info *new, - struct bgp_path_info *exist, int *paths_eq); + struct bgp_path_info *exist, int *paths_eq, + bool debug); extern void bgp_aggregate_toggle_suppressed(struct bgp_aggregate *aggregate, struct bgp *bgp, const struct prefix *p, afi_t afi,