bgpd: Fix session reset issue caused by malformed core attributes

RCA:
On encountering any attribute error for core attributes in update message,
the error handling is set to 'treat as withdraw' and
further parsing of the remaining attributes is skipped.
But the stream pointer is not being correctly adjusted to
point to the next NLRI field skipping the rest of the attributes.
This leads to incorrect parsing of the NLRI field,
which causes BGP session to reset.

Fix:
The stream pointer offset is rightly adjusted to point to the NLRI field correctly
when the malformed attribute is encountered and remaining attribute parsing is skipped.

Signed-off-by: Samanvitha B Bhargav <bsamanvitha@vmware.com>
(cherry picked from commit 70ff940fd1cbf920958116c558150ca5d3200eb8)

diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
index ec9f12d61a16e83bb53b0364f7533eb58bb08aab..3ecffb99d17152abf4f33481d1396086eee6ec6b 100644 (file)
--- a/bgpd/bgp_attr.c
+++ b/bgpd/bgp_attr.c
@@ -3570,6 +3570,7 @@ enum bgp_attr_parse_ret bgp_attr_parse(struct peer *peer, struct attr *attr,
                                attr_args.total);
                        if (ret == BGP_ATTR_PARSE_PROCEED)
                                continue;
+                       stream_forward_getp(BGP_INPUT(peer), endp - BGP_INPUT_PNT(peer));
                        goto done;
                }
 
@@ -3674,6 +3675,7 @@ enum bgp_attr_parse_ret bgp_attr_parse(struct peer *peer, struct attr *attr,
                                EC_BGP_ATTRIBUTE_PARSE_WITHDRAW,
                                "%s: Attribute %s, parse error - treating as withdrawal",
                                peer->host, lookup_msg(attr_str, type, NULL));
+                       stream_forward_getp(BGP_INPUT(peer), endp - BGP_INPUT_PNT(peer));
                        goto done;
                }