When using ls_stream2ted() function to parse Opaque Link State message to local
TED, in case of vertex or subnet deletion, the function return a pointer to the
deleted ls_element instead of NULL. This could lead into a potential pointer
corruption when caller try to access to the deleted ls_element.
This patch ensure that the ls_element pointer return by ls_stream2ted()
function is NULL when the message event is a delete operation for vertex and
subnet. Note that edge deletion was correctly handled.
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
/* Then remove Vertex from Link State Data Base and free memory */
vertices_del(&ted->vertices, vertex);
XFREE(MTYPE_LS_DB, vertex);
- vertex = NULL;
}
void ls_vertex_del_all(struct ls_ted *ted, struct ls_vertex *vertex)
case LS_MSG_EVENT_DELETE:
vertex = ls_find_vertex_by_id(ted, node->adv);
if (vertex) {
- if (delete)
+ if (delete) {
ls_vertex_del_all(ted, vertex);
- else
+ vertex = NULL;
+ } else
vertex->status = DELETE;
}
break;
case LS_MSG_EVENT_DELETE:
subnet = ls_find_subnet(ted, &pref->pref);
if (subnet) {
- if (delete)
+ if (delete) {
ls_subnet_del_all(ted, subnet);
- else
+ subnet = NULL;
+ } else
subnet->status = DELETE;
}
break;
projects / matthieu / frr.git / commitdiff