ospf6d: fix crash on message receive

OSPF6 daemon starts listening on its socket and reading messages right
after the initialization before the ospf6 router is created. If any
message is received, ospf6d crashes because ospf6_receive doesn't
NULL-check ospf6 pointer.

Fix this by opening the socket and reading messages only after the
creation of ospf6 router.

Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>

diff --git a/ospf6d/ospf6_main.c b/ospf6d/ospf6_main.c
index 182faf0038f4eb28af67a94861bba901060861e4..81306d9162ae69c77fd4e477527b81624ded8615 100644 (file)
--- a/ospf6d/ospf6_main.c
+++ b/ospf6d/ospf6_main.c
@@ -101,7 +101,6 @@ static void __attribute__((noreturn)) ospf6_exit(int status)
        ospf6_asbr_terminate();
        ospf6_lsa_terminate();
 
-       ospf6_serv_close();
        /* reverse access_list_init */
        access_list_reset();
 

diff --git a/ospf6d/ospf6_message.c b/ospf6d/ospf6_message.c
index 4830b38a66614496dcafcda2d238cc6f2dd47cab..0311ff4c2cc69895b19adce0c14aaed1e7a4bc76 100644 (file)
--- a/ospf6d/ospf6_message.c
+++ b/ospf6d/ospf6_message.c
@@ -1535,7 +1535,7 @@ int ospf6_receive(struct thread *thread)
 
        /* add next read thread */
        sockfd = THREAD_FD(thread);
-       thread_add_read(master, ospf6_receive, NULL, sockfd, NULL);
+       thread_add_read(master, ospf6_receive, NULL, sockfd, &ospf6->t_ospf6_receive);
 
        /* initialize */
        memset(&src, 0, sizeof(src));

diff --git a/ospf6d/ospf6_top.c b/ospf6d/ospf6_top.c
index 6f23051dc3e32f85dedc22419d2c3ea27a4f424d..69714d7c656d82502a8130541f7d276f20df7236 100644 (file)
--- a/ospf6d/ospf6_top.c
+++ b/ospf6d/ospf6_top.c
@@ -41,6 +41,7 @@
 #include "ospf6_area.h"
 #include "ospf6_interface.h"
 #include "ospf6_neighbor.h"
+#include "ospf6_network.h"
 
 #include "ospf6_flood.h"
 #include "ospf6_asbr.h"
@@ -186,6 +187,10 @@ static struct ospf6 *ospf6_create(vrf_id_t vrf_id)
 
        QOBJ_REG(o, ospf6);
 
+       ospf6_serv_sock();
+
+       thread_add_read(master, ospf6_receive, NULL, ospf6_sock, &o->t_ospf6_receive);
+
        return o;
 }
 
@@ -199,6 +204,8 @@ void ospf6_delete(struct ospf6 *o)
        ospf6_flush_self_originated_lsas_now();
        ospf6_disable(ospf6);
 
+       ospf6_serv_close();
+
        for (ALL_LIST_ELEMENTS(o->area_list, node, nnode, oa))
                ospf6_area_delete(oa);
 
@@ -242,6 +249,7 @@ static void ospf6_disable(struct ospf6 *o)
                THREAD_OFF(o->t_spf_calc);
                THREAD_OFF(o->t_ase_calc);
                THREAD_OFF(o->t_distribute_update);
+               THREAD_OFF(o->t_ospf6_receive);
        }
 }
 

diff --git a/ospf6d/ospf6_top.h b/ospf6d/ospf6_top.h
index 806b4da1cfbc80d0a4ca75521ad4c0291777037a..a3b61ba65129a08f9d06ba80f10266219dd501fd 100644 (file)
--- a/ospf6d/ospf6_top.h
+++ b/ospf6d/ospf6_top.h
@@ -97,6 +97,7 @@ struct ospf6 {
        struct thread *t_ase_calc; /* ASE calculation timer. */
        struct thread *maxage_remover;
        struct thread *t_distribute_update; /* Distirbute update timer. */
+       struct thread *t_ospf6_receive; /* OSPF6 receive timer */
 
        uint32_t ref_bandwidth;
 

diff --git a/ospf6d/ospf6d.c b/ospf6d/ospf6d.c
index f61adcd3280e7ea72ff987c141a2ef47eedb9a72..3d536088531d2cf68651c713348fd0c0dd77ee00 100644 (file)
--- a/ospf6d/ospf6d.c
+++ b/ospf6d/ospf6d.c
@@ -1267,10 +1267,6 @@ void ospf6_init(void)
                VIEW_NODE,
                &show_ipv6_ospf6_database_type_self_originated_linkstate_id_cmd);
        install_element(VIEW_NODE, &show_ipv6_ospf6_database_aggr_router_cmd);
-
-       /* Make ospf protocol socket. */
-       ospf6_serv_sock();
-       thread_add_read(master, ospf6_receive, NULL, ospf6_sock, NULL);
 }
 
 void ospf6_clean(void)