matthieu/frr
1
0
Fork 0
forked from Mirror/frr
Code Pull requests Activity
frr/pimd
History
Jafar Al-Gharaibeh 7bd03cf378 pimd: fix a possible use after free bug when doing pim trace 
```
ERROR: AddressSanitizer: heap-use-after-free on address 0x6160000aecf0 at pc 0x5555557ecdb9 bp 0x7fffffffe350 sp 0x7fffffffe340
READ of size 4 at 0x6160000aecf0 thread T0
    #0 0x5555557ecdb8 in igmp_source_delete pimd/pim_igmpv3.c:340
    #1 0x5555557ed475 in igmp_source_delete_expired pimd/pim_igmpv3.c:405
    #2 0x5555557de574 in igmp_group_timer pimd/pim_igmp.c:1346
    #3 0x7ffff7275421 in event_call lib/event.c:1996
    #4 0x7ffff7140797 in frr_run lib/libfrr.c:1237
    #5 0x5555557f5840 in main pimd/pim_main.c:166
    #6 0x7ffff6a54082 in __libc_start_main ../csu/libc-start.c:308
    #7 0x555555686eed in _start (/usr/lib/frr/pimd+0x132eed)

0x6160000aecf0 is located 112 bytes inside of 600-byte region [0x6160000aec80,0x6160000aeed8)
freed by thread T0 here:
    #0 0x7ffff767b40f in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:122
    #1 0x7ffff716ed34 in qfree lib/memory.c:131
    #2 0x5555557169ae in pim_channel_oil_free pimd/pim_oil.c:84
    #3 0x555555717981 in pim_channel_oil_del pimd/pim_oil.c:199
    #4 0x55555573c42c in tib_sg_gm_prune pimd/pim_tib.c:196
    #5 0x5555557d6d04 in igmp_source_forward_stop pimd/pim_igmp.c:229
    #6 0x5555557d5855 in igmp_anysource_forward_stop pimd/pim_igmp.c:61
    #7 0x5555557de539 in igmp_group_timer pimd/pim_igmp.c:1344
    #8 0x7ffff7275421 in event_call lib/event.c:1996
    #9 0x7ffff7140797 in frr_run lib/libfrr.c:1237
    #10 0x5555557f5840 in main pimd/pim_main.c:166
    #11 0x7ffff6a54082 in __libc_start_main ../csu/libc-start.c:308

previously allocated by thread T0 here:
    #0 0x7ffff767ba06 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:153
    #1 0x7ffff716ebe1 in qcalloc lib/memory.c:106
    #2 0x555555716eb7 in pim_channel_oil_add pimd/pim_oil.c:133
    #3 0x55555573b2b9 in tib_sg_oil_setup pimd/pim_tib.c:30
    #4 0x55555573bdd3 in tib_sg_gm_join pimd/pim_tib.c:119
    #5 0x5555557d6788 in igmp_source_forward_start pimd/pim_igmp.c:193
    #6 0x5555557d5771 in igmp_anysource_forward_start pimd/pim_igmp.c:51
    #7 0x5555557ecaa0 in group_exclude_fwd_anysrc_ifempty pimd/pim_igmpv3.c:310
    #8 0x5555557ef937 in toex_incl pimd/pim_igmpv3.c:839
    #9 0x5555557f00a2 in igmpv3_report_toex pimd/pim_igmpv3.c:938
    #10 0x5555557f543d in igmp_v3_recv_report pimd/pim_igmpv3.c:2000
    #11 0x5555557da2b4 in pim_igmp_packet pimd/pim_igmp.c:787
    #12 0x5555556ee46a in process_igmp_packet pimd/pim_mroute.c:763
    #13 0x5555556ee5f3 in pim_mroute_msg pimd/pim_mroute.c:787
    #14 0x5555556eef58 in mroute_read pimd/pim_mroute.c:877
    #15 0x7ffff7275421 in event_call lib/event.c:1996
    #16 0x7ffff7140797 in frr_run lib/libfrr.c:1237
    #17 0x5555557f5840 in main pimd/pim_main.c:166
    #18 0x7ffff6a54082 in __libc_start_main ../csu/libc-start.c:308

SUMMARY: AddressSanitizer: heap-use-after-free pimd/pim_igmpv3.c:340 in igmp_source_delete
Shadow bytes around the buggy address:
  0x0c2c8000dd40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2c8000dd50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2c8000dd60: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2c8000dd70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2c8000dd80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c2c8000dd90: fd fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]fd
  0x0c2c8000dda0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2c8000ddb0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2c8000ddc0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2c8000ddd0: fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa
  0x0c2c8000dde0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
```

Signed-off-by: Jafar Al-Gharaibeh <jafar@atcorp.com>
2024-09-25 16:12:51 -05:00
..
.gitignore pim6d: add skeleton for IPv6 PIM daemon 2022-01-12 18:23:50 +01:00
AUTHORS
CAVEATS pimd: added mtrace caveat 2018-02-27 14:03:39 +01:00
COMMANDS pimd: show ip igmp statistics command 2018-05-04 17:05:19 +02:00
DEBUG
LINUX_KERNEL_MROUTE_MFC
Makefile build: non-recursive pimd 2017-09-07 16:20:42 +02:00
mtracebis.c *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
mtracebis_netlink.c *: manual SPDX License ID conversions 2023-02-09 14:09:07 +01:00
mtracebis_netlink.h *: manual SPDX License ID conversions 2023-02-09 14:09:07 +01:00
mtracebis_routeget.c *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
mtracebis_routeget.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
pim6_cmd.c pimd: candidate BSR/RP show commands, move under ip pim bsr 2024-09-09 13:27:49 -05:00
pim6_cmd.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
pim6_main.c pimd: Candidate-RP support 2024-09-09 12:42:28 -05:00
pim6_mld.c *: Create termtable specific temp memory 2024-09-01 13:07:46 -04:00
pim6_mld.h pim6d: Fixing core while running MLD conformance test. 2023-07-18 03:11:21 -07:00
pim6_mld_protocol.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
pim_addr.c *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
pim_addr.h pimd, lib, vtysh: Added new 'router pim[6] [vrf NAME]' config node 2024-07-16 13:30:35 -05:00
pim_assert.c *: Convert THREAD_XXX macros to EVENT_XXX macros 2023-03-24 08:32:17 -04:00
pim_assert.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
pim_autorp.c pimd: Fix coverity checked return issue 2024-09-25 13:56:30 +00:00
pim_autorp.h pimd: Add AutoRP functionality to PIMD 2024-09-24 16:36:53 +00:00
pim_bfd.c *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
pim_bfd.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
pim_bsm.c pimd: refactor pim_sock_read to be used with unicast bsr msgs 2024-09-09 13:27:49 -05:00
pim_bsm.h pimd: candidate BSR/RP show commands, move under ip pim bsr 2024-09-09 13:27:49 -05:00
pim_bsr_rpdb.c pimd: candidate BSR/RP show commands, move under ip pim bsr 2024-09-09 13:27:49 -05:00
pim_cmd.c pimd,yang: Implement AutoRP CLI and NB config path 2024-09-24 16:39:17 +00:00
pim_cmd.h pimd,yang: Implement AutoRP CLI and NB config path 2024-09-24 16:39:17 +00:00
pim_cmd_common.c pimd,yang: Implement AutoRP CLI and NB config path 2024-09-24 16:39:17 +00:00
pim_cmd_common.h pimd,yang: Implement AutoRP CLI and NB config path 2024-09-24 16:39:17 +00:00
pim_errors.c *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
pim_errors.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
pim_hello.c *: convert struct interface->connected to DLIST 2023-11-22 23:00:30 +01:00
pim_hello.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
pim_iface.c pimd: Add AutoRP functionality to PIMD 2024-09-24 16:36:53 +00:00
pim_iface.h pimd: add proxy join/prune functionality 2024-09-23 11:43:32 -07:00
pim_ifchannel.c pimd: fix order of operations for evaluating join 2024-05-08 21:21:30 +02:00
pim_ifchannel.h *: Rename struct thread to struct event 2023-03-24 08:32:17 -04:00
pim_igmp.c pimd: add proxy join/prune functionality 2024-09-23 11:43:32 -07:00
pim_igmp.h pimd: add proxy join/prune functionality 2024-09-23 11:43:32 -07:00
pim_igmp_join.h pim6d: Impelmenting "ipv6 mld join" 2023-04-03 04:05:17 -07:00
pim_igmp_mtrace.c *: convert struct interface->connected to DLIST 2023-11-22 23:00:30 +01:00
pim_igmp_mtrace.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
pim_igmp_stats.c *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
pim_igmp_stats.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
pim_igmpv2.c *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
pim_igmpv2.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
pim_igmpv3.c pimd: fix crash when mixing ssm/any-source joins 2024-05-30 23:20:03 -05:00
pim_igmpv3.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
pim_instance.c pimd: Add AutoRP functionality to PIMD 2024-09-24 16:36:53 +00:00
pim_instance.h pimd: Add AutoRP functionality to PIMD 2024-09-24 16:36:53 +00:00
pim_int.c *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
pim_int.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
pim_join.c pimd: Receiving a Join or Prune should be under J_P debugs 2024-01-11 11:50:52 -05:00
pim_join.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
pim_jp_agg.c *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
pim_jp_agg.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
pim_macro.c *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
pim_macro.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
pim_main.c pimd: Candidate-RP support 2024-09-09 12:42:28 -05:00
pim_memory.c Merge pull request #16450 from nabahr/static_joins 2024-08-22 11:32:56 -04:00
pim_memory.h Merge pull request #16450 from nabahr/static_joins 2024-08-22 11:32:56 -04:00
pim_mlag.c *: Let's use the native IFNAMSIZ instead of INTERFACE_NAMSIZ 2023-11-21 08:08:29 -05:00
pim_mlag.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
pim_mroute.c pimd: Give a clearer warning when the kernel is not compiled right 2024-05-31 11:29:40 -04:00
pim_mroute.h pimd: Cleanup inclusion of headers 2024-03-08 18:04:34 +00:00
pim_msdp.c pimd: add support for MSDP authentication 2024-07-29 11:40:53 -03:00
pim_msdp.h pimd: add support for MSDP authentication 2024-07-29 11:40:53 -03:00
pim_msdp_packet.c pimd: MSDP SA filtering 2024-07-27 11:32:30 -03:00
pim_msdp_packet.h pimd: MSDP SA filtering 2024-07-27 11:32:30 -03:00
pim_msdp_socket.c pimd: add support for MSDP authentication 2024-07-29 11:40:53 -03:00
pim_msdp_socket.h pimd: add support for MSDP authentication 2024-07-29 11:40:53 -03:00
pim_msg.c pimd: Re-align pim_msg_get_jp_group_size 2024-01-12 15:04:59 -05:00
pim_msg.h pimd: Candidate-BSR support 2024-09-09 13:27:49 -05:00
pim_nb.c pimd,yang: Implement AutoRP CLI and NB config path 2024-09-24 16:39:17 +00:00
pim_nb.h pimd,yang: Implement AutoRP CLI and NB config path 2024-09-24 16:39:17 +00:00
pim_nb_config.c pimd: Fix igmp proxy null pointer dereference 2024-09-25 13:53:30 +00:00
pim_neighbor.c Merge pull request #13020 from SaiGomathiN/2462808-3 2023-05-02 11:55:34 -04:00
pim_neighbor.h *: Rename struct thread to struct event 2023-03-24 08:32:17 -04:00
pim_nht.c pimd: make sure the bsr message is coming from the neighbor 2024-09-09 17:14:16 -05:00
pim_nht.h pimd: prepare NHT for tracking BSM C-RPs 2024-06-20 13:10:51 +02:00
pim_oil.c pimd: Use a better name for oil_parent 2023-09-19 13:03:50 -04:00
pim_oil.h pimd: Use a better name for oil_parent 2023-09-19 13:03:50 -04:00
pim_pim.c pimd: refactor pim_sock_read to be used with unicast bsr msgs 2024-09-09 13:27:49 -05:00
pim_pim.h pimd: refactor pim_sock_read to be used with unicast bsr msgs 2024-09-09 13:27:49 -05:00
pim_register.c pimd: fix null register before aging out reg-stop 2024-05-08 21:21:30 +02:00
pim_register.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
pim_routemap.c *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
pim_rp.c pimd: Add AutoRP functionality to PIMD 2024-09-24 16:36:53 +00:00
pim_rp.h pimd: Add AutoRP functionality to PIMD 2024-09-24 16:36:53 +00:00
pim_rpf.c pimd: Make some not very needed debugs more restrictive 2024-01-11 11:50:52 -05:00
pim_rpf.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
pim_signals.c *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
pim_signals.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
pim_sock.c pimd: Add AutoRP functionality to PIMD 2024-09-24 16:36:53 +00:00
pim_sock.h pimd: Add AutoRP functionality to PIMD 2024-09-24 16:36:53 +00:00
pim_ssm.c *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
pim_ssm.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
pim_ssmpingd.c pimd: remove redundant closing socket 2023-09-23 21:06:32 +08:00
pim_ssmpingd.h *: Rename struct thread to struct event 2023-03-24 08:32:17 -04:00
pim_static.c pimd: Use a better name for oil_parent 2023-09-19 13:03:50 -04:00
pim_static.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
pim_str.h pimd: Remove pim_addr_dump 2023-07-21 07:29:26 -04:00
pim_tib.c pimd: fix a possible use after free bug when doing pim trace 2024-09-25 16:12:51 -05:00
pim_tib.h pimd: add proxy join/prune functionality 2024-09-23 11:43:32 -07:00
pim_time.c *: Convert event.h to frrevent.h 2023-03-24 08:32:17 -04:00
pim_time.h *: Convert event.h to frrevent.h 2023-03-24 08:32:17 -04:00
pim_tlv.c pimd: Candidate-BSR support 2024-09-09 13:27:49 -05:00
pim_tlv.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
pim_upstream.c pimd: fix null register before aging out reg-stop 2024-05-08 21:21:30 +02:00
pim_upstream.h pimd: fix null register before aging out reg-stop 2024-05-08 21:21:30 +02:00
pim_util.c pimd: IN_MULTICAST needs host order 2023-03-11 19:39:22 -05:00
pim_util.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
pim_vty.c pimd,yang: Implement AutoRP CLI and NB config path 2024-09-24 16:39:17 +00:00
pim_vty.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
pim_vxlan.c pimd: Send up to 10 NULL registers on vxlan startup 2024-01-10 15:36:47 -05:00
pim_vxlan.h pimd: Send up to 10 NULL registers on vxlan startup 2024-01-10 15:36:47 -05:00
pim_vxlan_instance.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
pim_zebra.c pimd: Candidate-RP support 2024-09-09 12:42:28 -05:00
pim_zebra.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
pim_zlookup.c *: add zclient_options_sync 2023-11-23 15:20:13 +01:00
pim_zlookup.h *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
pim_zpthread.c *: Convert thread_add_XXX functions to event_add_XXX 2023-03-24 08:32:17 -04:00
pimd.c *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
pimd.h pimd: Add AutoRP functionality to PIMD 2024-09-24 16:36:53 +00:00
README pimd: fix frr url 2020-03-29 17:19:37 -04:00
subdir.am pimd: Add AutoRP functionality to PIMD 2024-09-24 16:36:53 +00:00
test_igmpv3_join.c pim6d: Impelmenting "ipv6 mld join" 2023-04-03 04:05:17 -07:00
TODO pimd: Cleanup TODO file 2018-02-26 21:33:02 -05:00
TROUBLESHOOTING

README 

INTRODUCTION

        qpimd aims to implement a PIM (Protocol Independent Multicast)
	daemon for the FRR Routing Suite.

	qpimd implements PIM-SM (Sparse Mode) of RFC 4601.
        Additionally MSDP has been implemented.

	In order to deliver end-to-end multicast routing control
	plane, qpimd includes the router-side of IGMPv[2|3] (RFC 3376).

LICENSE

        qpimd - pimd for FRR
        Copyright (C) 2008 Everton da Silva Marques

        qpimd is free software; you can redistribute it and/or modify
        it under the terms of the GNU General Public License as
        published by the Free Software Foundation; either version 2,
        or (at your option) any later version.

        qpimd is distributed in the hope that it will be useful, but
        WITHOUT ANY WARRANTY; without even the implied warranty of
        MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
        GNU General Public License for more details.

        You should have received a copy of the GNU General Public
        License along with qpimd; see the file COPYING.  If not, write
        to the Free Software Foundation, Inc., 59 Temple Place - Suite
        330, Boston, MA 02111-1307, USA.

HOME SITE

        qpimd lives at:

        https://github.com/frrouting/frr

PLATFORMS

	qpimd has been tested with Debian Jessie.

REQUIREMENTS

	qpimd requires FRR (2.0 or higher)


CONFIGURATION COMMANDS

	See available commands in the file pimd/COMMANDS.

KNOWN CAVEATS

	See list of known caveats in the file pimd/CAVEATS.

SUPPORT

	Please post comments, questions, patches, bug reports at the
	support site:

        https://frrouting.org/frr

RELATED WORK

	igmprt:	An IGMPv3-router implementation
	- http://www.loria.fr/~lahmadi/igmpv3-router.html

	USC pimd: PIMv2-SM daemon
	- http://netweb.usc.edu/pim/pimd (URL broken in 2008-12-23)
	- http://packages.debian.org/source/sid/pimd (from Debian)

	troglobit pimd: This is the original USC pimd from
	http://netweb.usc.edu/pim/. In January 16, 2010 it was revived
	with the intention to collect patches floating around in
	Debian, Gentoo, Lintrack and other distribution repositories
	and to provide a central point of collaboration.
	- http://github.com/troglobit/pimd

	zpimd: zpimd is not dependent of zebra or any other routing daemon
	- ftp://robur.slu.se/pub/Routing/Zebra
	- http://sunsite2.icm.edu.pl/pub/unix/routing/zpimd

	mrd6: an IPv6 Multicast Router for Linux systems
	- http://fivebits.net/proj/mrd6/

	MBGP: Implementation of RFC 2858 for Quagga
	- git://git.coplanar.net/~balajig/quagga
	- http://www.gossamer-threads.com/lists/quagga/dev/18000

REFERENCES

	IANA Protocol Independent Multicast (PIM) Parameters
	http://www.iana.org/assignments/pim-parameters/pim-parameters.txt

	Address Family Numbers
	http://www.iana.org/assignments/address-family-numbers

                              -- END --