git.puffer.fish Git - mirror/frr.git/commit

pimd: fix invalid memory access join_timer_stop

Issue:
==16837== Invalid read of size 8
==16837==    at 0x17971C: pim_neighbor_find (pim_neighbor.c:431)
==16837==    by 0x186439: join_timer_stop (pim_upstream.c:348)
==16837==    by 0x186794: pim_upstream_del (pim_upstream.c:231)
==16837==    by 0x189A66: pim_upstream_terminate (pim_upstream.c:1951)
==16837==    by 0x17111B: pim_instance_terminate (pim_instance.c:54)
==16837==    by 0x17111B: pim_vrf_delete (pim_instance.c:172)
==16837==    by 0x4F1D6C8: vrf_delete (vrf.c:264)
==16837==    by 0x19006F: pim_terminate (pimd.c:160)
==16837==    by 0x1B2E4D: pim_sigterm (pim_signals.c:51)
==16837==    by 0x4F08FA2: frr_sigevent_process (sigevent.c:130)
==16837==    by 0x4F1A2CC: thread_fetch (thread.c:1771)
==16837==    by 0x4ED4F92: frr_run (libfrr.c:1197)
==16837==    by 0x15D81A: main (pim_main.c:176)

Root Cause:
In the pim_terminate flow, the interface is deleted
before the pim_interface clean up. Because of this,
the pim_interface is having garbage value.

Fix:
Release the pim interface memory and then delete the
interface.

Signed-off-by: Sarita Patra <saritap@vmware.com>
(cherry picked from commit bc26d1bb61b56fe334f4e217e371999a5bae25b5)

author	Sarita Patra <saritap@vmware.com>
	Fri, 24 Jun 2022 10:04:37 +0000 (03:04 -0700)
committer	Mergify <37929162+mergify[bot]@users.noreply.github.com>
	Wed, 29 Jun 2022 15:03:08 +0000 (15:03 +0000)
commit	48a233248eb74507ceac95a6e0cad868774545d3
tree	7816c77883c8157ab7d686ce498279a2c1c9f40b	tree \| snapshot
parent	9260037b0b8152ad1c67e83efe8b7fc2dc54ace2	commit \| diff