lib: Stop potential uninitialized memory access

VRF_UNKNOWN = MAX_INT16_T

The vrf macros to determine where in the bitmap something belongs
assume that the valid values of a vrf are 0 - (MAX_INT16 - 1)
so when they attempt to determine where to look in the bitmap
for VRF_DEFAULT, we can get invalid reads of memory.

This happens because bgp can create vrf's with VRF_UNKNOWN
when we get configuration for a vrf before we've been actually
created in zebra.

Ticket: CM-14090
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>

diff --git a/lib/vrf.c b/lib/vrf.c
index 39d8a89a7c5f02119c940654f4fc8bddadd11b4f..61b278dabfa6ceb19dade3e8608cc0342725ba0e 100644 (file)
--- a/lib/vrf.c
+++ b/lib/vrf.c
@@ -381,7 +381,7 @@ vrf_bitmap_set (vrf_bitmap_t bmap, vrf_id_t vrf_id)
   u_char group = VRF_BITMAP_GROUP (vrf_id);
   u_char offset = VRF_BITMAP_BIT_OFFSET (vrf_id);
 
-  if (bmap == VRF_BITMAP_NULL)
+  if (bmap == VRF_BITMAP_NULL || vrf_id == VRF_UNKNOWN)
     return;
 
   if (bm->groups[group] == NULL)
@@ -399,7 +399,8 @@ vrf_bitmap_unset (vrf_bitmap_t bmap, vrf_id_t vrf_id)
   u_char group = VRF_BITMAP_GROUP (vrf_id);
   u_char offset = VRF_BITMAP_BIT_OFFSET (vrf_id);
 
-  if (bmap == VRF_BITMAP_NULL || bm->groups[group] == NULL)
+  if (bmap == VRF_BITMAP_NULL || vrf_id == VRF_UNKNOWN ||
+      bm->groups[group] == NULL)
     return;
 
   UNSET_FLAG (bm->groups[group][VRF_BITMAP_INDEX_IN_GROUP (offset)],
@@ -413,7 +414,8 @@ vrf_bitmap_check (vrf_bitmap_t bmap, vrf_id_t vrf_id)
   u_char group = VRF_BITMAP_GROUP (vrf_id);
   u_char offset = VRF_BITMAP_BIT_OFFSET (vrf_id);
 
-  if (bmap == VRF_BITMAP_NULL || bm->groups[group] == NULL)
+  if (bmap == VRF_BITMAP_NULL || vrf_id == VRF_UNKNOWN ||
+      bm->groups[group] == NULL)
     return 0;
 
   return CHECK_FLAG (bm->groups[group][VRF_BITMAP_INDEX_IN_GROUP (offset)],