eigrpd: Fix possible use after free in nbr deletion

Coverity is complaining about use after free's in
clearing eigrp neighbors.  Clean the code
up to not have the problem.

Signed-off-by: Donald Sharp <sharpd@nvidia.com>

diff --git a/eigrpd/eigrp_vty.c b/eigrpd/eigrp_vty.c
index e68b85d801190c600d09f72a0da250579c1b97fc..1a81a338bb9e902e8dd768bd1b296283eaf4f9fe 100644 (file)
--- a/eigrpd/eigrp_vty.c
+++ b/eigrpd/eigrp_vty.c
@@ -333,7 +333,7 @@ DEFPY (clear_ip_eigrp_neighbors,
                eigrp_hello_send(ei, EIGRP_HELLO_GRACEFUL_SHUTDOWN, NULL);
 
                /* iterate over all neighbors on eigrp interface */
-               frr_each (eigrp_nbr_hash, &ei->nbr_hash_head, nbr) {
+               frr_each_safe (eigrp_nbr_hash, &ei->nbr_hash_head, nbr) {
                        if (nbr->state != EIGRP_NEIGHBOR_DOWN) {
                                zlog_debug(
                                        "Neighbor %pI4 (%s) is down: manually cleared",
@@ -393,7 +393,7 @@ DEFPY (clear_ip_eigrp_neighbors_int,
        eigrp_hello_send(ei, EIGRP_HELLO_GRACEFUL_SHUTDOWN, NULL);
 
        /* iterate over all neighbors on eigrp interface */
-       frr_each (eigrp_nbr_hash, &ei->nbr_hash_head, nbr) {
+       frr_each_safe (eigrp_nbr_hash, &ei->nbr_hash_head, nbr) {
                if (nbr->state != EIGRP_NEIGHBOR_DOWN) {
                        zlog_debug(
                                "Neighbor %pI4 (%s) is down: manually cleared",