bgpd: Fix session reset issue caused by malformed core attributes 14129/head
authorSamanvitha B Bhargav <bsamanvitha@vmware.com>
Wed, 2 Aug 2023 06:10:35 +0000 (23:10 -0700)
committerSamanvitha B Bhargav <bsamanvitha@vmware.com>
Wed, 2 Aug 2023 06:17:19 +0000 (23:17 -0700)
RCA:
On encountering any attribute error for core attributes in update message,
the error handling is set to 'treat as withdraw' and
further parsing of the remaining attributes is skipped.
But the stream pointer is not being correctly adjusted to
point to the next NLRI field skipping the rest of the attributes.
This leads to incorrect parsing of the NLRI field,
which causes BGP session to reset.

Fix:
The stream pointer offset is now adjusted to point to the NLRI field
when a malformed attribute is encountered and parsing of the remaining attributes is skipped.

Signed-off-by: Samanvitha B Bhargav <bsamanvitha@vmware.com>
bgpd/bgp_attr.c

index b7d0958bac02b3e10140061ef95a3618f67f74d9..82a0a583351c0ef7f831a0969f5c6079d826ae42 100644 (file)
@@ -3357,6 +3357,7 @@ enum bgp_attr_parse_ret bgp_attr_parse(struct peer *peer, struct attr *attr,
                                attr_args.total);
                        if (ret == BGP_ATTR_PARSE_PROCEED)
                                continue;
+                       stream_forward_getp(BGP_INPUT(peer), endp - BGP_INPUT_PNT(peer));
                        goto done;
                }
 
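Review bot: The skip length `endp - BGP_INPUT_PNT(peer)` on the added line is a pointer difference passed as a size, and nothing visible in this hunk establishes that the read pointer is still at or before `endp` once an attribute parser has returned an error. If a failing parser has consumed bytes past the end of the attribute block, the difference is negative and converts to a very large unsigned value. How stream_forward_getp reacts to an out-of-range size is not shown here and should be confirmed, so that a malformed UPDATE from a peer cannot turn the treat-as-withdraw path into a harder failure. Making the precondition explicit, for example `if (BGP_INPUT_PNT(peer) <= endp) stream_forward_getp(BGP_INPUT(peer), endp - BGP_INPUT_PNT(peer));` with the past-`endp` case handled as a parse error, would cover this; the same applies to the identical line added in the second hunk (@@ -3458), and a short comment such as `/* skip the remaining attributes so NLRI parsing starts at the right offset */` would help at both sites. The body of bgp_attr_parse and the definition of `endp` lie outside the hunk.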
@@ -3458,6 +3459,7 @@ enum bgp_attr_parse_ret bgp_attr_parse(struct peer *peer, struct attr *attr,
                                EC_BGP_ATTRIBUTE_PARSE_WITHDRAW,
                                "%s: Attribute %s, parse error - treating as withdrawal",
                                peer->host, lookup_msg(attr_str, type, NULL));
+                       stream_forward_getp(BGP_INPUT(peer), endp - BGP_INPUT_PNT(peer));
                        goto done;
                }