From: Donatas Abraitis
Date: Sun, 10 Jul 2022 09:42:46 +0000 (+0300)
Subject: bgpd: Free ->raw_data from Hard Notification message after we use it
X-Git-Tag: docker/8.3.0~11^2
X-Git-Url: https://git.puffer.fish/?a=commitdiff_plain;h=aa88882667a1a4de6ae2064c6e8138f58cd55289;p=matthieu%2Ffrr.git
bgpd: Free ->raw_data from Hard Notification message after we use it
==175785== 0 bytes in 1 blocks are definitely lost in loss record 1 of 88
==175785== at 0x483DD99: calloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==175785== by 0x492EB8E: qcalloc (in /usr/local/lib/libfrr.so.0.0.0)
==175785== by 0x269823: bgp_notify_decapsulate_hard_reset (in /usr/lib/frr/bgpd)
==175785== by 0x26C85D: bgp_notify_receive (in /usr/lib/frr/bgpd)
==175785== by 0x26E94E: bgp_process_packet (in /usr/lib/frr/bgpd)
==175785== by 0x4985349: thread_call (in /usr/local/lib/libfrr.so.0.0.0)
==175785== by 0x491D521: frr_run (in /usr/local/lib/libfrr.so.0.0.0)
==175785== by 0x1EBEE8: main (in /usr/lib/frr/bgpd)
==175785==
Signed-off-by: Donatas Abraitis
(cherry picked from commit c73d236383779498034abaa1a759a784750f46da)
---
diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
index 9def9622d9..7613ccc7df 100644
--- a/bgpd/bgp_packet.c
+++ b/bgpd/bgp_packet.c
@@ -780,7 +780,7 @@ struct bgp_notify bgp_notify_decapsulate_hard_reset(struct bgp_notify *notify)
 bn.subcode = notify->raw_data[1];
 bn.length = notify->length - 2;
- bn.raw_data = XCALLOC(MTYPE_BGP_NOTIFICATION, bn.length);
+ bn.raw_data = XMALLOC(MTYPE_BGP_NOTIFICATION, bn.length);
 memcpy(bn.raw_data, notify->raw_data + 2, bn.length);
 return bn;
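Review bot: `bn.length = notify->length - 2` is computed with no visible check that the outer notification carries at least the two bytes read as the inner code and subcode. If `length` is an unsigned type (the `bgp_size_t` used elsewhere in this file suggests so, though the struct is not shown), an outer length of 0 or 1 would wrap, and the `memcpy` from `notify->raw_data + 2` would then read past the received data. A guard such as `if (notify->length < 2)` that rejects the message before decapsulation, either here or at the call site in bgp_notify_receive, would close this. The function body starts outside the hunk, so an existing check may simply not be visible. The Valgrind trace in the commit message (a 0-byte block) also shows that `bn.length` can legitimately be zero, which deserves a short comment next to the allocation.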
@@ -2121,6 +2121,12 @@ static int bgp_notify_receive(struct peer *peer, bgp_size_t size)
 if (outer.length) {
 XFREE(MTYPE_BGP_NOTIFICATION, outer.data);
 XFREE(MTYPE_BGP_NOTIFICATION, outer.raw_data);
+
+ /* If this is a Hard Reset notification, we MUST free
+ * the inner (encapsulated) notification too.
+ */
+ if (hard_reset)
+ XFREE(MTYPE_BGP_NOTIFICATION, inner.raw_data);
 outer.length = 0;
 }
 }
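Review bot: The new `XFREE(MTYPE_BGP_NOTIFICATION, inner.raw_data)` is safe only if `inner.raw_data` is a separate allocation exactly when `hard_reset` is set, and the added comment does not state that ownership rule. If `inner` otherwise aliases `outer` (the assignment is outside this hunk), the `hard_reset` condition is the only thing separating a required free from a double free of `outer.raw_data`. I would extend the comment to say `inner.raw_data is allocated by bgp_notify_decapsulate_hard_reset() only on the Hard Reset path; otherwise it is not owned here`. The free also sits inside `if (outer.length)`, so it is worth confirming that decapsulation is never reached with a zero outer length, since that path would skip this cleanup. bgp_notify_receive starts and ends outside the hunk.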