git.puffer.fish Git - matthieu/frr.git/commit

ldpd: Prevent usage after free

We are using data after it has been freed and handed back to the
OS.
Address Sanitizer output:

error 23-Nov-2020 18:53:57 ERROR: AddressSanitizer: heap-use-after-free on address 0x631000024838 at pc 0x55f825998f58 bp 0x7fffa5b0f5b0 sp 0x7fffa5b0f5a0
error 23-Nov-2020 18:53:57 READ of size 4 at 0x631000024838 thread T0
error 23-Nov-2020 18:53:57     #0 0x55f825998f57 in lde_imsg_compose_parent_sync ldpd/lde.c:226
error 23-Nov-2020 18:53:57     #1 0x55f8259ca9ed in vlog ldpd/log.c:48
error 23-Nov-2020 18:53:57     #2 0x55f8259cb1c8 in log_info ldpd/log.c:102
error 23-Nov-2020 18:53:57     #3 0x55f82599e841 in lde_shutdown ldpd/lde.c:208
error 23-Nov-2020 18:53:57     #4 0x55f8259a2703 in lde_dispatch_parent ldpd/lde.c:666
error 23-Nov-2020 18:53:57     #5 0x55f825ac3815 in thread_call lib/thread.c:1681
error 23-Nov-2020 18:53:57     #6 0x55f825998d5e in lde ldpd/lde.c:160
error 23-Nov-2020 18:53:57     #7 0x55f82598a289 in main ldpd/ldpd.c:320
error 23-Nov-2020 18:53:57     #8 0x7fe3f749db96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
error 23-Nov-2020 18:53:57     #9 0x55f825982579 in _start (/usr/lib/frr/ldpd+0xb3579)
error 23-Nov-2020 18:53:57
error 23-Nov-2020 18:53:57 0x631000024838 is located 65592 bytes inside of 65632-byte region [0x631000014800,0x631000024860)
error 23-Nov-2020 18:53:57 freed by thread T0 here:
error 23-Nov-2020 18:53:57     #0 0x7fe3f8a4d7a8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7a8)
error 23-Nov-2020 18:53:57     #1 0x55f82599e830 in lde_shutdown ldpd/lde.c:206
error 23-Nov-2020 18:53:57     #2 0x55f8259a2703 in lde_dispatch_parent ldpd/lde.c:666
error 23-Nov-2020 18:53:57     #3 0x55f825ac3815 in thread_call lib/thread.c:1681
error 23-Nov-2020 18:53:57     #4 0x55f825998d5e in lde ldpd/lde.c:160
error 23-Nov-2020 18:53:57     #5 0x55f82598a289 in main ldpd/ldpd.c:320
error 23-Nov-2020 18:53:57     #6 0x7fe3f749db96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
error 23-Nov-2020 18:53:57
error 23-Nov-2020 18:53:57 previously allocated by thread T0 here:
error 23-Nov-2020 18:53:57     #0 0x7fe3f8a4dd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
error 23-Nov-2020 18:53:57     #1 0x55f825998cb7 in lde ldpd/lde.c:151
error 23-Nov-2020 18:53:57     #2 0x55f82598a289 in main ldpd/ldpd.c:320
error 23-Nov-2020 18:53:57     #3 0x7fe3f749db96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
error 23-Nov-2020 18:53:57

The fix is to put this in global space.

Signed-off-by: Donald Sharp <sharpd@nvidia.com>

author	Donald Sharp <sharpd@nvidia.com>
	Wed, 25 Nov 2020 12:36:43 +0000 (07:36 -0500)
committer	Donald Sharp <sharpd@nvidia.com>
	Wed, 25 Nov 2020 12:36:43 +0000 (07:36 -0500)
commit	59c5b83b585db9a22d6df9029fff1700147b757a
tree	fb785540d3647b0248866b754f04abb072976ef8	tree \| snapshot
parent	f286bcf5fc8a7ee2df8ba65e84bde548e04de800	commit \| diff