From: Claudio Jeker <cjeker@diehard.n-r-g.com>
Subject: Re: bgpd: fix crash when nexthop is NULL
To: Denis Fondras <denis@openbsd.org>
Cc: tech@openbsd.org
Date: Fri, 3 Jan 2025 20:23:53 +0100

On Fri, Jan 03, 2025 at 06:08:57PM +0100, Denis Fondras wrote:
> If `log updates` is set and state.nexthop is null, addr2sa() is not happy and
> crashes the daemon.
> Check if state.nexthop is NULL before passing state.nexthop->exit_nexthop (as
> done in network_add())

How do you get a NULL nexthop in that code path?
That should not be possible since the nexthop is a mandatory attribute
(apart from flowspec but we don't do flowspec in yet).
 
> Index: rde.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/bgpd/rde.c,v
> diff -u -p -r1.646 rde.c
> --- rde.c	12 Dec 2024 20:19:03 -0000	1.646
> +++ rde.c	3 Jan 2025 17:03:35 -0000
> @@ -1895,8 +1895,8 @@ rde_update_update(struct rde_peer *peer,
>  
>  		if (action == ACTION_ALLOW) {
>  			rde_update_log("update", i, peer,
> -			    &state.nexthop->exit_nexthop, prefix,
> -			    prefixlen);
> +			    state.nexthop ? &state.nexthop->exit_nexthop : NULL,
> +			    prefix, prefixlen);
>  			prefix_update(rib, peer, path_id, path_id_tx, &state,
>  			    0, prefix, prefixlen);
>  		} else if (conf->filtered_in_locrib && i == RIB_LOC_START) {
> 

-- 
:wq Claudio