bgpd: Limit flowspec to no attribute means a implicit withdrawal

All other parsing functions done from bgp_nlri_parse() assume
no attributes == an implicit withdrawal.  Let's move
bgp_nlri_parse_flowspec() into the same alignment.

Reported-by: Matteo Memelli <mmemelli@amazon.it>
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
(cherry picked from commit cfd04dcb3e689754a72507d086ba3b9709fc5ed8)

diff --git a/bgpd/bgp_flowspec.c b/bgpd/bgp_flowspec.c
index 11396e374ff8131e89b7b6c6709999e1b8205333..c4e32cd3bb5ae1bb808b5bae019b9a37b736ea8d 100644 (file)
--- a/bgpd/bgp_flowspec.c
+++ b/bgpd/bgp_flowspec.c
@@ -111,6 +111,13 @@ int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr,
        afi = packet->afi;
        safi = packet->safi;
 
+       /*
+        * All other AFI/SAFI's treat no attribute as a implicit
+        * withdraw.  Flowspec should as well.
+        */
+       if (!attr)
+               withdraw = 1;
+
        if (packet->length >= FLOWSPEC_NLRI_SIZELIMIT_EXTENDED) {
                flog_err(EC_BGP_FLOWSPEC_PACKET,
                         "BGP flowspec nlri length maximum reached (%u)",