isisd: fix infinite loop when parsing LSPs

Fixing the crash:

> #0  0x0000560aa80f8e30 in lspdb_const_find (h=<error reading variable: Cannot access memory at address 0x7fff5e95efe8>, item=<error reading variable: Cannot access memory at address 0x7fff5e95efe0>) at ./isisd/isis_lsp.h:64
> #1  0x0000560aa80f8e9d in lspdb_find (h=0x560aaa1ed3b8, item=0x7fff5e95f050) at ./isisd/isis_lsp.h:64
> #2  0x0000560aa80f92f9 in lsp_search (head=0x560aaa1ed3b8, id=0x7fff5e95f200 "") at isisd/isis_lsp.c:100
> #3  0x0000560aa8113d69 in spf_adj_list_parse_tlv (spftree=0x560aaa1f09d0, adj_list=0x560aaa214480, id=0x560aad331a78 "", desig_is_id=0x0, pseudo_metric=0, metric=3, oldmetric=false, subtlvs=0x0) at isisd/isis_spf.c:1330
> #4  0x0000560aa811419d in spf_adj_list_parse_lsp (spftree=0x560aaa1f09d0, adj_list=0x560aaa214480, lsp=0x560aaa1f4e50, pseudo_nodeid=0x0, pseudo_metric=0) at isisd/isis_spf.c:1429
> #5  0x0000560aa81141fe in spf_adj_list_parse_lsp (spftree=0x560aaa1f09d0, adj_list=0x560aaa214480, lsp=0x560aaa1ff8e0, pseudo_nodeid=0x0, pseudo_metric=0) at isisd/isis_spf.c:1442
> #6  0x0000560aa81141fe in spf_adj_list_parse_lsp (spftree=0x560aaa1f09d0, adj_list=0x560aaa214480, lsp=0x560aaa1f4e50, pseudo_nodeid=0x0, pseudo_metric=0) at isisd/isis_spf.c:1442
> (...)
> #65507 0x0000560aa81141fe in spf_adj_list_parse_lsp (spftree=0x560aaa1f09d0, adj_list=0x560aaa214480, lsp=0x560aaa1ff8e0, pseudo_nodeid=0x0, pseudo_metric=0) at isisd/isis_spf.c:1442
> #65508 0x0000560aa81141fe in spf_adj_list_parse_lsp (spftree=0x560aaa1f09d0, adj_list=0x560aaa214480, lsp=0x560aaa1f4e50, pseudo_nodeid=0x0, pseudo_metric=0) at isisd/isis_spf.c:1442
> #65509 0x0000560aa81141fe in spf_adj_list_parse_lsp (spftree=0x560aaa1f09d0, adj_list=0x560aaa214480, lsp=0x560aaa1ff8e0, pseudo_nodeid=0x0, pseudo_metric=0) at isisd/isis_spf.c:1442
> #65510 0x0000560aa81141fe in spf_adj_list_parse_lsp (spftree=0x560aaa1f09d0, adj_list=0x560aaa214480, lsp=0x560aaa1f4e50, pseudo_nodeid=0x0, pseudo_metric=0) at isisd/isis_spf.c:1442
> #65511 0x0000560aa8114313 in isis_spf_build_adj_list (spftree=0x560aaa1f09d0, lsp=0x560aaa1f4e50) at isisd/isis_spf.c:1455
> #65512 0x0000560aa8114f09 in isis_run_spf (spftree=0x560aaa1f09d0) at isisd/isis_spf.c:1775
> #65513 0x0000560aa8115057 in isis_run_spf_with_protection (area=0x560aaa1ed3b0, spftree=0x560aaa1f09d0) at isisd/isis_spf.c:1801
> #65514 0x0000560aa8115311 in isis_run_spf_cb (thread=0x7fff5f15e5a0) at isisd/isis_spf.c:1859
> #65515 0x00007f90bac66dcc in thread_call (thread=0x7fff5f15e5a0) at lib/thread.c:2002
> #65516 0x00007f90bac013ee in frr_run (master=0x560aa9f5cb40) at lib/libfrr.c:1196
> #65517 0x0000560aa80e7da2 in main (argc=2, argv=0x7fff5f15e7b8, envp=0x7fff5f15e7d0) at isisd/isis_main.c:273

Fixes: 7b36d36e0e ("isisd: make the SPF code more modular")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>

diff --git a/isisd/isis_spf.c b/isisd/isis_spf.c
index d5b02f388152791eb67980294334467333379b30..468382a5fe676c312378834e65c77fd2665c7bd1 100644 (file)
--- a/isisd/isis_spf.c
+++ b/isisd/isis_spf.c
@@ -1388,14 +1388,13 @@ static void spf_adj_list_parse_tlv(struct isis_spftree *spftree,
                spf_adj_list_parse_lsp(spftree, adj_list, lsp, id, metric);
 }
 
-static void spf_adj_list_parse_lsp(struct isis_spftree *spftree,
-                                  struct list *adj_list, struct isis_lsp *lsp,
-                                  const uint8_t *pseudo_nodeid,
-                                  uint32_t pseudo_metric)
+static void spf_adj_list_parse_lsp_frag(struct isis_spftree *spftree,
+                                       struct list *adj_list,
+                                       struct isis_lsp *lsp,
+                                       const uint8_t *pseudo_nodeid,
+                                       uint32_t pseudo_metric)
 {
        bool pseudo_lsp = LSP_PSEUDO_ID(lsp->hdr.lsp_id);
-       struct isis_lsp *frag;
-       struct listnode *node;
        struct isis_item *head;
        struct isis_item_list *te_neighs;
 
@@ -1433,14 +1432,27 @@ static void spf_adj_list_parse_lsp(struct isis_spftree *spftree,
                        }
                }
        }
+}
+
+
+static void spf_adj_list_parse_lsp(struct isis_spftree *spftree,
+                                  struct list *adj_list, struct isis_lsp *lsp,
+                                  const uint8_t *pseudo_nodeid,
+                                  uint32_t pseudo_metric)
+{
+       struct isis_lsp *frag;
+       struct listnode *node;
+
+       spf_adj_list_parse_lsp_frag(spftree, adj_list, lsp, pseudo_nodeid,
+                                   pseudo_metric);
 
        /* Parse LSP fragments. */
        for (ALL_LIST_ELEMENTS_RO(lsp->lspu.frags, node, frag)) {
                if (!frag->tlvs)
                        continue;
 
-               spf_adj_list_parse_lsp(spftree, adj_list, frag, pseudo_nodeid,
-                                      pseudo_metric);
+               spf_adj_list_parse_lsp_frag(spftree, adj_list, frag,
+                                           pseudo_nodeid, pseudo_metric);
        }
 }