From 19f451913ed73810e4b02774eae37782c8c36f24 Mon Sep 17 00:00:00 2001 From: Pooja Jagadeesh Doijode Date: Mon, 27 Mar 2023 10:31:00 -0700 Subject: [PATCH] ospfd: Fix for virtual-link crash in signal handler Whenever OSPF virtual-link is created, a virtual interface is associated with it. Name of the virtual interface is derived by combining "VLINK" string with the value of vlink_count, which is a global variable. Problem: Consider a scenario where 2 virtual links A and B are created in OSPF with virtual interfaces VLINK0 and VLINK1 respectively. When virtual-link A is unconfigured and reconfigured, new interface name derived for it will be VLINK1, which is already associated with virtual-link B. Due to this, both virtual-links A and B will point to the same interface, VLINK1. During FRR restart when signal handler is called, OSPF goes through all the virtual links and deletes the interface (oi) associated with it. During the deletion of interface for virtual-link B, it accesses the interface which was deleted already (which was deleted during deletion of virtual-link A) and whose fields were set to NULL. This leads to OSPF crash. Fixed it by not decrementing vlink_count during unconfig/deletion for virtual-link. Signed-off-by: Pooja Jagadeesh Doijode --- ospfd/ospf_interface.c | 1 - 1 file changed, 1 deletion(-) diff --git a/ospfd/ospf_interface.c b/ospfd/ospf_interface.c index dcecffa6a5..649ba70e02 100644 --- a/ospfd/ospf_interface.c +++ b/ospfd/ospf_interface.c @@ -977,7 +977,6 @@ static void ospf_vl_if_delete(struct ospf_vl_data *vl_data) if_delete(&ifp); if (!vrf_is_enabled(vrf)) vrf_delete(vrf); - vlink_count--; } /* for a defined area, count the number of configured vl -- 2.39.5
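Review bot: At the end of ospf_vl_if_delete(), removing `vlink_count--` turns the variable into an ever-increasing name sequence, but nothing in the code says so and the name still reads as a count of live virtual links. Please add a comment at this spot (or at the declaration of vlink_count) stating that it is deliberately never decremented so that VLINK<n> names are not reused, or rename it to reflect that. Two things this hunk does not show and that are worth confirming before merge: that no other code treats vlink_count as the number of configured virtual links, and that repeated unconfigure/reconfigure cycles cannot push the value past what the counter's type or the interface name buffer can hold. A check in the creation path that the derived VLINK name is not already in use would address the aliasing described in the commit message more directly than relying on the counter alone.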