zebra: guard against junk in nexthop->rmap_src

rmap_src wasn't initialized, so for IPv4 the unused 12 bytes would
contain whatever junk is on the stack on function entry.  Also move
the IPv4 parse before the IPv6 parse so if it's successful we can be
sure the other bytes haven't been touched.

Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
(cherry picked from commit b666ee510eb480da50476b1bbc84bdf8365df95c)

diff --git a/zebra/zebra_routemap.c b/zebra/zebra_routemap.c
index f337b3a752a09f02d71c155a69853a6d86cf1c87..0f3e79b7cc734b0b3cb2ac69656c45bd3701e2e3 100644 (file)
--- a/zebra/zebra_routemap.c
+++ b/zebra/zebra_routemap.c
@@ -1518,10 +1518,11 @@ route_set_src(void *rule, const struct prefix *prefix, void *object)
 /* set src compilation. */
 static void *route_set_src_compile(const char *arg)
 {
-       union g_addr src, *psrc;
+       union g_addr src = {}, *psrc;
 
-       if ((inet_pton(AF_INET6, arg, &src.ipv6) == 1)
-           || (inet_pton(AF_INET, arg, &src.ipv4) == 1)) {
+       /* IPv4 first, to ensure no garbage in the 12 unused bytes */
+       if ((inet_pton(AF_INET, arg, &src.ipv4) == 1) ||
+           (inet_pton(AF_INET6, arg, &src.ipv6) == 1)) {
                psrc = XMALLOC(MTYPE_ROUTE_MAP_COMPILED, sizeof(union g_addr));
                *psrc = src;
                return psrc;