pimd: Fix leaked fd and prevent null pointer deref

When the pim_nexthop_lookup fails, close the opened fd
as part of the failure condition.

Additionally pim_nexthop_lookup assumes that we've
actually already looked up a nexthop in the past.

Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>

diff --git a/pimd/pim_igmp_mtrace.c b/pimd/pim_igmp_mtrace.c
index 5e2e316d850d0101d14d8d97727438ce0239c1e3..9e59dc31b6dda5cf168864df7d3da5f27f158b5e 100644 (file)
--- a/pimd/pim_igmp_mtrace.c
+++ b/pimd/pim_igmp_mtrace.c
@@ -256,9 +256,11 @@ static int mtrace_un_forward_packet(struct pim_instance *pim, struct ip *ip_hdr,
        pim_socket_ip_hdr(fd);
 
        if (interface == NULL) {
+               memset(&nexthop, 0, sizeof(nexthop));
                ret = pim_nexthop_lookup(pim, &nexthop, ip_hdr->ip_dst, 0);
 
                if (ret != 0) {
+                       close(fd);
                        if (PIM_DEBUG_MTRACE)
                                zlog_warn(
                                        "Dropping mtrace packet, "
@@ -434,6 +436,7 @@ static int mtrace_send_response(struct pim_instance *pim,
                if (PIM_DEBUG_MTRACE)
                        zlog_debug("mtrace response to RP");
        } else {
+               memset(&nexthop, 0, sizeof(nexthop));
                /* TODO: should use unicast rib lookup */
                ret = pim_nexthop_lookup(pim, &nexthop, mtracep->rsp_addr, 1);
 
@@ -613,6 +616,7 @@ int igmp_mtrace_recv_qry_req(struct igmp_sock *igmp, struct ip *ip_hdr,
 
        nh_addr.s_addr = 0;
 
+       memset(&nexthop, 0, sizeof(nexthop));
        ret = pim_nexthop_lookup(pim, &nexthop, mtracep->src_addr, 1);
 
        if (ret == 0) {