Mailing List Archive

From:: Denis Fondras <denis@openbsd.org>
Subject:: bgpd: fix crash when nexthop is NULL
To:: tech@openbsd.org
Date:: Fri, 3 Jan 2025 18:08:57 +0100

Download raw body.

Thread

2025-01-03 15:58 Denis Fondras:
bgpd: flowspec & unknown AFI/SAFI are not VPNv6
- 2025-01-03 17:08 Denis Fondras:
  bgpd: fix crash when nexthop is NULL
- - 2025-01-03 19:23 Claudio Jeker:
    bgpd: fix crash when nexthop is NULL
- 2025-01-03 19:21 Claudio Jeker:
  bgpd: flowspec & unknown AFI/SAFI are not VPNv6

If `log updates` is set and state.nexthop is null, addr2sa() is not happy and
crashes the daemon.
Check if state.nexthop is NULL before passing state.nexthop->exit_nexthop (as
done in network_add())

Index: rde.c
===================================================================
RCS file: /cvs/src/usr.sbin/bgpd/rde.c,v
diff -u -p -r1.646 rde.c
--- rde.c	12 Dec 2024 20:19:03 -0000	1.646
+++ rde.c	3 Jan 2025 17:03:35 -0000
@@ -1895,8 +1895,8 @@ rde_update_update(struct rde_peer *peer,
 
 		if (action == ACTION_ALLOW) {
 			rde_update_log("update", i, peer,
-			    &state.nexthop->exit_nexthop, prefix,
-			    prefixlen);
+			    state.nexthop ? &state.nexthop->exit_nexthop : NULL,
+			    prefix, prefixlen);
 			prefix_update(rib, peer, path_id, path_id_tx, &state,
 			    0, prefix, prefixlen);
 		} else if (conf->filtered_in_locrib && i == RIB_LOC_START) {

2025-01-03 15:58 Denis Fondras:
bgpd: flowspec & unknown AFI/SAFI are not VPNv6
- 2025-01-03 17:08 Denis Fondras:
  bgpd: fix crash when nexthop is NULL
- - 2025-01-03 19:23 Claudio Jeker:
    bgpd: fix crash when nexthop is NULL
- 2025-01-03 19:21 Claudio Jeker:
  bgpd: flowspec & unknown AFI/SAFI are not VPNv6