From: Pascal Mathis Date: Thu, 14 Jun 2018 17:40:36 +0000 (+0200) Subject: bgpd: Fix crash when showing filtered routes X-Git-Tag: frr-6.1-dev~291^2 X-Git-Url: https://git.puffer.fish/?a=commitdiff_plain;h=refs%2Fpull%2F2450%2Fhead;p=mirror%2Ffrr.git bgpd: Fix crash when showing filtered routes This commit fixes the issue mentioned in #2419, which is caused by a double-free. The problem of the current implementation is that *bgp_input_modifier* already frees the passed attributes under specific circumstances, which can then lead to a double-free as *bgp_attr_undup* does not check if the attributes are set to NULL. As it is not transparent to the function caller if the attributes get freed or not and the similar function *bgp_output_modifier* also does not flush the passed attributes, the line has been removed altogether. All callers of *bgp_input_modifier* already deal by themself with freeing/flushing/unduping BGP attributes, so it is safe to remove. Signed-off-by: Pascal Mathis --- diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c index 0a15eb5040..95e7def8fb 100644 --- a/bgpd/bgp_route.c +++ b/bgpd/bgp_route.c @@ -1185,12 +1185,8 @@ static int bgp_input_modifier(struct peer *peer, struct prefix *p, peer->rmap_type = 0; - if (ret == RMAP_DENYMATCH) { - /* Free newly generated AS path and community by - * route-map. */ - bgp_attr_flush(attr); + if (ret == RMAP_DENYMATCH) return RMAP_DENY; - } } return RMAP_PERMIT; }
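Review bot: At the `if (ret == RMAP_DENYMATCH)` return in bgp_input_modifier, the deleted comment was the only statement of who frees the AS path and community generated by the route-map, and nothing replaces it. With `bgp_attr_flush(attr);` removed, the deny path leaves those allocations in attr for the caller, so a short comment at this return (or above the function) should state that attr is never freed here and that the caller must flush or undup it for both RMAP_DENY and RMAP_PERMIT. The commit message asserts that all callers already do this; naming the callers that were checked would make that reviewable, because any caller that returns early on RMAP_DENY without flushing now leaks where it previously risked a double-free. The message also says bgp_attr_undup does not check for attributes set to NULL; this hunk does not change that, so a guard there is worth a follow-up.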