bgpd: fix bgpd core when unintern attr

When the remote peer is neither EBGP nor confed, aspath is the
shadow copy of attr->aspath in bgp_packet_attribute(). Striping
AS4_PATH should not be done on the aspath directly, since
that would lead to bgpd core dump when unintern the attr.

Signed-off-by: Yuan Yuan <yyuanam@amazon.com>

diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
index d5223a1e6e4a63b86b9648dc4577b61f5ae38498..ec9f12d61a16e83bb53b0364f7533eb58bb08aab 100644 (file)
--- a/bgpd/bgp_attr.c
+++ b/bgpd/bgp_attr.c
@@ -4682,6 +4682,10 @@ bgp_size_t bgp_packet_attribute(struct bgp *bgp, struct peer *peer,
                 * there! (JK)
                 * Folks, talk to me: what is reasonable here!?
                 */
+
+               /* Make sure dup aspath before the modification */
+               if (aspath == attr->aspath)
+                       aspath = aspath_dup(attr->aspath);
                aspath = aspath_delete_confed_seq(aspath);
 
                stream_putc(s,