From: Claudio Jeker <cjeker@diehard.n-r-g.com>
Subject: bgpd fix rtr_parse_notify()
To: tech@openbsd.org
Date: Tue, 9 Jan 2024 15:38:01 +0100

I introduced two issues in rtr_parse_notify() over the last 24h.
First I checked against the wrong state end then I added a
rtr_send_error() call to a case where the error is ignored.
The second error made the first error obvious :)

-- 
:wq Claudio

Index: rtr_proto.c
===================================================================
RCS file: /cvs/src/usr.sbin/bgpd/rtr_proto.c,v
diff -u -p -r1.25 rtr_proto.c
--- rtr_proto.c	9 Jan 2024 14:15:15 -0000	1.25
+++ rtr_proto.c	9 Jan 2024 14:32:47 -0000
@@ -524,11 +524,10 @@ rtr_parse_notify(struct rtr_session *rs,
 	if (rtr_check_session_id(rs, rs->session_id, &notify.hdr, pdu) == -1)
 		return -1;
 
-	if (rs->state != RTR_STATE_EXCHANGE) {
+	if (rs->state != RTR_STATE_ESTABLISHED) {
 		log_warnx("rtr %s: received %s: while in state %s (ignored)",
 		    log_rtr(rs), log_rtr_type(SERIAL_NOTIFY),
 		    rtr_statenames[rs->state]);
-		rtr_send_error(rs, CORRUPT_DATA, "out of context", pdu);
 		return 0;
 	}