BGPD: Cores when cleared with doppelganger.

RCA: When doppelganger still around and clear bgp is issued
there are chances of peer getting deleted and next pointer
is a  freed peer pointer.

Fix: Pass address of nnode to get next safe peer pointer.

Signed-off-by: Santosh P K <sapk@vmware.com>

diff --git a/bgpd/bgp_vty.c b/bgpd/bgp_vty.c
index 62767a603c8869b0f57ff9aa185f5d141359e0cc..8b77d7c7cf893241b5b41aef3c391a8ec1901723 100644 (file)
--- a/bgpd/bgp_vty.c
+++ b/bgpd/bgp_vty.c
@@ -753,7 +753,7 @@ static void bgp_clear_vty_error(struct vty *vty, struct peer *peer, afi_t afi,
 }
 
 static int bgp_peer_clear(struct peer *peer, afi_t afi, safi_t safi,
-                         struct listnode *nnode, enum bgp_clear_type stype)
+                         struct listnode **nnode, enum bgp_clear_type stype)
 {
        int ret = 0;
 
@@ -767,7 +767,7 @@ static int bgp_peer_clear(struct peer *peer, afi_t afi, safi_t safi,
                                continue;
 
                        if (stype == BGP_CLEAR_SOFT_NONE)
-                               ret = peer_clear(peer, &nnode);
+                               ret = peer_clear(peer, nnode);
                        else
                                ret = peer_clear_soft(peer, tmp_afi, tmp_safi,
                                                      stype);
@@ -782,7 +782,7 @@ static int bgp_peer_clear(struct peer *peer, afi_t afi, safi_t safi,
                                continue;
 
                        if (stype == BGP_CLEAR_SOFT_NONE)
-                               ret = peer_clear(peer, &nnode);
+                               ret = peer_clear(peer, nnode);
                        else
                                ret = peer_clear_soft(peer, afi,
                                                      tmp_safi, stype);
@@ -793,7 +793,7 @@ static int bgp_peer_clear(struct peer *peer, afi_t afi, safi_t safi,
                        return 1;
 
                if (stype == BGP_CLEAR_SOFT_NONE)
-                       ret = peer_clear(peer, &nnode);
+                       ret = peer_clear(peer, nnode);
                else
                        ret = peer_clear_soft(peer, afi, safi, stype);
        }
@@ -826,7 +826,7 @@ static int bgp_clear(struct vty *vty, struct bgp *bgp, afi_t afi, safi_t safi,
                        if (CHECK_FLAG(peer->flags, PEER_FLAG_GRACEFUL_RESTART))
                                gr_router_detected = true;
 
-                       ret = bgp_peer_clear(peer, afi, safi, nnode,
+                       ret = bgp_peer_clear(peer, afi, safi, &nnode,
                                                          stype);
 
                        if (ret < 0)
@@ -901,7 +901,7 @@ static int bgp_clear(struct vty *vty, struct bgp *bgp, afi_t afi, safi_t safi,
                }
 
                for (ALL_LIST_ELEMENTS(group->peer, node, nnode, peer)) {
-                       ret = bgp_peer_clear(peer, afi, safi, nnode, stype);
+                       ret = bgp_peer_clear(peer, afi, safi, &nnode, stype);
 
                        if (ret < 0)
                                bgp_clear_vty_error(vty, peer, afi, safi, ret);
@@ -928,7 +928,7 @@ static int bgp_clear(struct vty *vty, struct bgp *bgp, afi_t afi, safi_t safi,
                        if (CHECK_FLAG(peer->flags, PEER_FLAG_GRACEFUL_RESTART))
                                gr_router_detected = true;
 
-                       ret = bgp_peer_clear(peer, afi, safi, nnode, stype);
+                       ret = bgp_peer_clear(peer, afi, safi, &nnode, stype);
 
                        if (ret < 0)
                                bgp_clear_vty_error(vty, peer, afi, safi, ret);
@@ -965,7 +965,7 @@ static int bgp_clear(struct vty *vty, struct bgp *bgp, afi_t afi, safi_t safi,
                        if (CHECK_FLAG(peer->flags, PEER_FLAG_GRACEFUL_RESTART))
                                gr_router_detected = true;
 
-                       ret = bgp_peer_clear(peer, afi, safi, nnode, stype);
+                       ret = bgp_peer_clear(peer, afi, safi, &nnode, stype);
 
                        if (ret < 0)
                                bgp_clear_vty_error(vty, peer, afi, safi, ret);