lib: guard against padding garbage in ZAPI read

When reading in a nexthop from ZAPI, only set the fields that actually
have meaning.  While it shouldn't happen to begin with, we can otherwise
carry padding garbage into the unused leftover union bytes.

Signed-off-by: David Lamparter <equinox@opensourcerouting.org>

diff --git a/lib/zclient.c b/lib/zclient.c
index d8c75c9029725603dd68c3712878daff14803bc6..5deea8f0cfa8fcf53551bb8cf2687ac2867b1028 100644 (file)
--- a/lib/zclient.c
+++ b/lib/zclient.c
@@ -2300,7 +2300,27 @@ struct nexthop *nexthop_from_zapi_nexthop(const struct zapi_nexthop *znh)
        n->type = znh->type;
        n->vrf_id = znh->vrf_id;
        n->ifindex = znh->ifindex;
-       n->gate = znh->gate;
+
+       /* only copy values that have meaning - make sure "spare bytes" are
+        * left zeroed for hashing (look at _nexthop_hash_bytes)
+        */
+       switch (znh->type) {
+       case NEXTHOP_TYPE_BLACKHOLE:
+               n->bh_type = znh->bh_type;
+               break;
+       case NEXTHOP_TYPE_IPV4:
+       case NEXTHOP_TYPE_IPV4_IFINDEX:
+               n->gate.ipv4 = znh->gate.ipv4;
+               break;
+       case NEXTHOP_TYPE_IPV6:
+       case NEXTHOP_TYPE_IPV6_IFINDEX:
+               n->gate.ipv6 = znh->gate.ipv6;
+               break;
+       case NEXTHOP_TYPE_IFINDEX:
+               /* nothing, ifindex is always copied */
+               break;
+       }
+
        n->srte_color = znh->srte_color;
        n->weight = znh->weight;