bgpd: Limit flowspec to no attribute means a implicit withdrawal
authorDonald Sharp <sharpd@nvidia.com>
Wed, 5 Apr 2023 18:57:05 +0000 (14:57 -0400)
committerMergify <37929162+mergify[bot]@users.noreply.github.com>
Fri, 7 Apr 2023 07:15:40 +0000 (07:15 +0000)
All other parsing functions done from bgp_nlri_parse() assume
no attributes == an implicit withdrawal.  Let's move
bgp_nlri_parse_flowspec() into the same alignment.

Reported-by: Matteo Memelli <mmemelli@amazon.it>
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
(cherry picked from commit cfd04dcb3e689754a72507d086ba3b9709fc5ed8)

bgpd/bgp_flowspec.c

index db61e290d6f8535da66fd2117fdce1227e7fb176..98ec1ed07382f9a1572e190b85fef4a08c017a06 100644 (file)
@@ -112,6 +112,13 @@ int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr,
        afi = packet->afi;
        safi = packet->safi;
 
+       /*
+        * All other AFI/SAFI's treat no attribute as a implicit
+        * withdraw.  Flowspec should as well.
+        */
+       if (!attr)
+               withdraw = 1;
+
        if (packet->length >= FLOWSPEC_NLRI_SIZELIMIT_EXTENDED) {
                flog_err(EC_BGP_FLOWSPEC_PACKET,
                         "BGP flowspec nlri length maximum reached (%u)",
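Review bot: The comment added above `if (!attr)` gives the consistency reason for the guard but not the safety one: it never says that `attr` can be NULL at this point, or that the announce path must not run with it. The rest of bgp_nlri_parse_flowspec lies outside the hunk, so where `attr` is next used cannot be confirmed from here. Presumably the non-withdraw branch passes it on to the route-update code, which is why forcing `withdraw = 1` matters for input that comes from a peer. I would reword the comment to `/* attr is NULL when the UPDATE carried no path attributes; force a withdraw so the announce path below never sees a NULL attr. */`, which also fixes "a implicit". A regression test that feeds a flowspec NLRI with no attributes would keep the guard from being dropped in a later refactor.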