Download raw body.
bgpd: check aid2afi return value consistently
Consistently check if aid2afi() failed
Check return value against == -1 also use the same error message in
most places.
Add check in mrt_dump_entry_v2(), the call in mrt_dump_entry() is skipped
since the aid is limited to AID_INET and AID_INET6 and so that function is
not supposed to fail.
Fixes CID 492335
--
:wq Claudio
Index: mrt.c
===================================================================
RCS file: /cvs/src/usr.sbin/bgpd/mrt.c,v
diff -u -p -r1.128 mrt.c
--- mrt.c 4 Nov 2025 10:47:25 -0000 1.128
+++ mrt.c 4 Nov 2025 14:32:12 -0000
@@ -709,7 +709,12 @@ mrt_dump_entry_v2(struct mrt *mrt, struc
*/
subtype = MRT_DUMP_V2_RIB_GENERIC;
apsubtype = MRT_DUMP_V2_RIB_GENERIC_ADDPATH;
- aid2afi(re->prefix->aid, &afi, &safi);
+ if (aid2afi(re->prefix->aid, &afi, &safi) == -1) {
+ log_warnx("%s: bad AID", __func__);
+ ibuf_free(pbuf);
+ return (-1);
+ }
+
/* first add 3-bytes AFI/SAFI */
if (ibuf_add_n16(pbuf, afi) == -1)
Index: rde_update.c
===================================================================
RCS file: /cvs/src/usr.sbin/bgpd/rde_update.c,v
diff -u -p -r1.176 rde_update.c
--- rde_update.c 4 Jun 2025 09:12:34 -0000 1.176
+++ rde_update.c 4 Nov 2025 14:34:52 -0000
@@ -904,8 +904,8 @@ up_generate_mp_reach(struct ibuf *buf, s
if (ibuf_add_zero(buf, sizeof(len)) == -1)
return -1;
- if (aid2afi(aid, &afi, &safi))
- fatalx("up_generate_mp_reach: bad AID");
+ if (aid2afi(aid, &afi, &safi) == -1)
+ fatalx("%s: bad AID", __func__);
/* AFI + SAFI + NH LEN + NH + Reserved */
if (ibuf_add_n16(buf, afi) == -1)
@@ -1060,7 +1060,7 @@ up_dump_withdraws(struct imsgbuf *imsg,
goto fail;
/* afi & safi */
- if (aid2afi(aid, &afi, &safi))
+ if (aid2afi(aid, &afi, &safi) == -1)
fatalx("%s: bad AID", __func__);
if (ibuf_add_n16(buf, afi) == -1)
goto fail;
@@ -1131,7 +1131,7 @@ up_dump_withdraw_one(struct rde_peer *pe
return -1;
/* afi & safi */
- if (aid2afi(p->pt->aid, &afi, &safi))
+ if (aid2afi(p->pt->aid, &afi, &safi) == -1)
fatalx("%s: bad AID", __func__);
if (ibuf_add_n16(buf, afi) == -1)
return -1;
Index: session_bgp.c
===================================================================
RCS file: /cvs/src/usr.sbin/bgpd/session_bgp.c,v
diff -u -p -r1.5 session_bgp.c
--- session_bgp.c 21 Aug 2025 15:15:25 -0000 1.5
+++ session_bgp.c 4 Nov 2025 14:37:24 -0000
@@ -146,7 +146,7 @@ session_capa_add_afi(struct ibuf *b, uin
uint16_t afi;
uint8_t safi;
- if (aid2afi(aid, &afi, &safi)) {
+ if (aid2afi(aid, &afi, &safi) == -1) {
log_warn("%s: bad AID", __func__);
return (-1);
}
@@ -165,7 +165,7 @@ session_capa_add_ext_nh(struct ibuf *b,
uint16_t afi;
uint8_t safi;
- if (aid2afi(aid, &afi, &safi)) {
+ if (aid2afi(aid, &afi, &safi) == -1) {
log_warn("%s: bad AID", __func__);
return (-1);
}
@@ -559,7 +559,7 @@ session_rrefresh(struct peer *p, uint8_t
}
if (aid2afi(aid, &afi, &safi) == -1)
- fatalx("session_rrefresh: bad afi/safi pair");
+ fatalx("%s: bad AID", __func__);
if ((buf = session_newmsg(BGP_RREFRESH, MSGSIZE_RREFRESH)) == NULL) {
bgp_fsm(p, EVNT_CON_FATAL, NULL);
bgpd: check aid2afi return value consistently