pbrd: fix removal of ipv6 nexthops
authorRenato Westphal <renato@opensourcerouting.org>
Wed, 20 Feb 2019 18:32:55 +0000 (15:32 -0300)
committerRenato Westphal <renato@opensourcerouting.org>
Wed, 20 Feb 2019 20:10:13 +0000 (17:10 -0300)
Fix bug in the code that compares IPv6 addresses. If memcmp()
returns 0 then the two addresses are equal.

Because of this problem, hash_release() could return NULL in a few
places, leading to the following crashes (found by the CLI fuzzer):
pbrd aborted: vtysh -c "configure terminal" -c "pbr-map WORD seq 100" -c "no set nexthop 2001:db8::1"
pbrd aborted: vtysh -c "configure terminal" -c "nexthop-group NHGROUP" -c "no nexthop 2001:db8::1"

Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
pbrd/pbr_nht.c

index 6103bd7db5e2cf71a6e85f90cc018c480b040aac..f3bfad3190379e576d77f30575b7bea1f2d28820 100644 (file)
@@ -164,8 +164,8 @@ static bool pbr_nh_hash_equal(const void *arg1, const void *arg2)
                       == pbrnc2->nexthop->gate.ipv4.s_addr;
        case NEXTHOP_TYPE_IPV6_IFINDEX:
        case NEXTHOP_TYPE_IPV6:
-               return !!memcmp(&pbrnc1->nexthop->gate.ipv6,
-                               &pbrnc2->nexthop->gate.ipv6, 16);
+               return !memcmp(&pbrnc1->nexthop->gate.ipv6,
+                              &pbrnc2->nexthop->gate.ipv6, 16);
        case NEXTHOP_TYPE_BLACKHOLE:
                return pbrnc1->nexthop->bh_type == pbrnc2->nexthop->bh_type;
        }
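Review bot: The IPv6 branch still hard-codes the length `16` and relies on the terse `!memcmp(...)` idiom, the same easy-to-misread shape that produced the inverted result this commit corrects. Writing it as `return memcmp(&pbrnc1->nexthop->gate.ipv6, &pbrnc2->nexthop->gate.ipv6, sizeof(pbrnc1->nexthop->gate.ipv6)) == 0;` makes the zero-means-equal contract explicit and ties the length to the field being compared. The commit message says the wrong result let hash_release() return NULL and abort the daemon from CLI input, so it is also worth confirming that those callers check for NULL before using the result; they are outside this hunk and are not shown here. pbr_nh_hash_equal begins before and continues past the hunk, so the surrounding switch cases were not reviewed.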