Mirror/frr
0
0
Fork 1
mirror of https://github.com/FRRouting/frr.git synced 2025-04-30 13:37:17 +02:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

bgpd: Fix deref after free in bgp_vrf_unlink

Browse source 
Found by the static analyzer Svace (ISP RAS): DEREF_AFTER_FREE -
Pointer '&bgp->vrf_id' is dereferenced after the referenced memory
was deallocated by passing as 1st parameter to function 'bgp_unlock'.

Signed-off-by: Petr Vaganov <petrvaganoff@gmail.com>
This commit is contained in:
Petr Vaganov 2025-04-21 20:52:24 +05:00
parent 004c6c0260
commit 765945feed
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
bgpd/bgpd.h
View file

@ -2959,11 +2959,11 @@ static inline void bgp_vrf_link(struct bgp *bgp, struct vrf *vrf)
/* Unlink BGP instance from VRF. */
static inline void bgp_vrf_unlink(struct bgp *bgp, struct vrf *vrf)
{
bgp->vrf_id = VRF_UNKNOWN;
if (vrf->info == (void *)bgp) {
vrf->info = NULL;
bgp_unlock(bgp);
}
bgp->vrf_id = VRF_UNKNOWN;
}
static inline bool bgp_in_graceful_shutdown(struct bgp *bgp)