ospfd: fix null pointer dereference when flushing an opaque LSA
authorRenato Westphal <renato@opensourcerouting.org>
Mon, 31 May 2021 13:27:51 +0000 (10:27 -0300)
committerRenato Westphal <renato@opensourcerouting.org>
Tue, 8 Jun 2021 14:41:33 +0000 (11:41 -0300)
Call ospf_lsa_flush() before free_opaque_info_per_id() since the
latter can deallocate the LSA that is going to be flushed.

Also, there's no need to set the LSA MaxAge to OSPF_LSA_MAXAGE
manually as the ospf_lsa_flush() function already takes care of that.

Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
ospfd/ospf_opaque.c

index 42bf914f6755f3eed63de27858f5add4cf31a045..fac2f97141b5b78fcad95021316ee74bdceec060 100644 (file)
@@ -2119,15 +2119,12 @@ void ospf_opaque_lsa_flush_schedule(struct ospf_lsa *lsa0)
                goto out;
        }
 
+       /* This lsa will be flushed and removed eventually. */
+       ospf_lsa_flush(top, lsa);
+
        /* Dequeue listnode entry from the list. */
        listnode_delete(oipt->id_list, oipi);
 
-       /* Disassociate internal control information with the given lsa. */
-       free_opaque_info_per_id((void *)oipi);
-
-       /* Force given lsa's age to MaxAge. */
-       lsa->data->ls_age = htons(OSPF_LSA_MAXAGE);
-
        if (IS_DEBUG_OSPF_EVENT)
                zlog_debug(
                        "Schedule Type-%u Opaque-LSA to FLUSH: [opaque-type=%u, opaque-id=%x]",
@@ -2135,8 +2132,8 @@ void ospf_opaque_lsa_flush_schedule(struct ospf_lsa *lsa0)
                        GET_OPAQUE_TYPE(ntohl(lsa->data->id.s_addr)),
                        GET_OPAQUE_ID(ntohl(lsa->data->id.s_addr)));
 
-       /* This lsa will be flushed and removed eventually. */
-       ospf_lsa_flush(top, lsa);
+       /* Disassociate internal control information with the given lsa. */
+       free_opaque_info_per_id((void *)oipi);
 
 out:
        return;
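Review bot: The comment kept above `free_opaque_info_per_id((void *)oipi);` at the end of this hunk still says only that it disassociates control information, so nothing in the code records that this call can release the LSA and must therefore stay last. According to the commit message that is the whole reason for the reorder, and both the `zlog_debug` arguments just above it (`lsa->data->id.s_addr`) and the `ospf_lsa_flush(top, lsa)` call moved up in the first hunk depend on it. I would reword the comment to something like `/* May release the LSA itself: must come after ospf_lsa_flush() and the last use of lsa. */` so that a later cleanup does not move the call back and reintroduce an access to freed memory. The function body starts above the first hunk and its closing brace is outside this one.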