[bgpd] Coverity CID #64: Needless NULL check, CID #64: Deref of potentially NULL...

2006-10-15 Paul Jakma <paul.jakma@sun.com>

	* bgp_packet.c: (bgp_update_packet) adv->rn can not be NULL,
	  check is bogus - changed to assert(), CID#64.
	  binfo is checked for NULL, but then dereferenced
	  unconditionally, fix, CID #63.
	  (bgp_withdraw_packet) Assert adv->rn is valid, as with
	  bgp_update_packet().

diff --git a/bgpd/ChangeLog b/bgpd/ChangeLog
index 56107329d6d912aa1b3123f9cd9782f903603fd6..83f9d49386b48fd27d2f5acbdec8d732b7969311 100644 (file)
--- a/bgpd/ChangeLog
+++ b/bgpd/ChangeLog
@@ -2,6 +2,12 @@
 
        * bgp_route.c: (bgp_table_stats_walker) NULL deref if table is
          empty, bgp_table_top may return NULL, Coverity CID#73.
+       * bgp_packet.c: (bgp_update_packet) adv->rn can not be NULL,
+         check is bogus - changed to assert(), CID#64.
+         binfo is checked for NULL, but then dereferenced
+         unconditionally, fix, CID #63.
+         (bgp_withdraw_packet) Assert adv->rn is valid, as with
+         bgp_update_packet().
 
 2006-10-14 Paul Jakma <paul.jakma@sun.com>
 

diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
index cf6d00f1ae1692295f3a65af20c204d49b0b174c..9859e50babf0e772335d10d00b2914ec6aa0a9bf 100644 (file)
--- a/bgpd/bgp_packet.c
+++ b/bgpd/bgp_packet.c
@@ -158,14 +158,14 @@ bgp_update_packet (struct peer *peer, afi_t afi, safi_t safi)
 
   while (adv)
     {
-      if (adv->rn)
-        rn = adv->rn;
+      assert (adv->rn);
+      rn = adv->rn;
       adj = adv->adj;
       if (adv->binfo)
         binfo = adv->binfo;
 
       /* When remaining space can't include NLRI and it's length.  */
-      if (rn && STREAM_REMAIN (s) <= BGP_NLRI_LENGTH + PSIZE (rn->p.prefixlen))
+      if (STREAM_REMAIN (s) <= BGP_NLRI_LENGTH + PSIZE (rn->p.prefixlen))
        break;
 
       /* If packet is empty, set attribute. */
@@ -173,11 +173,15 @@ bgp_update_packet (struct peer *peer, afi_t afi, safi_t safi)
        {
          struct prefix_rd *prd = NULL;
          u_char *tag = NULL;
+         struct peer *from = NULL;
          
          if (rn->prn)
            prd = (struct prefix_rd *) &rn->prn->p;
           if (binfo)
-            tag = binfo->tag;
+            {
+              tag = binfo->tag;
+              from = binfo->peer;
+            }
           
          bgp_packet_set_marker (s, BGP_MSG_UPDATE);
          stream_putw (s, 0);           
@@ -186,7 +190,7 @@ bgp_update_packet (struct peer *peer, afi_t afi, safi_t safi)
          total_attr_len = bgp_packet_attribute (NULL, peer, s, 
                                                 adv->baa->attr,
                                                 &rn->p, afi, safi, 
-                                                binfo->peer, prd, tag);
+                                                from, prd, tag);
          stream_putw_at (s, pos, total_attr_len);
        }
 
@@ -288,6 +292,7 @@ bgp_withdraw_packet (struct peer *peer, afi_t afi, safi_t safi)
 
   while ((adv = FIFO_HEAD (&peer->sync[afi][safi]->withdraw)) != NULL)
     {
+      assert (adv->rn);
       adj = adv->adj;
       rn = adv->rn;