From 32af4995aae647cf9d7c70347ec37b57279ea807 Mon Sep 17 00:00:00 2001 From: Yuan Yuan Date: Tue, 30 May 2023 18:53:32 +0000 Subject: [PATCH] bgpd: fix bgpd core when unintern attr When the remote peer is neither EBGP nor confed, aspath is the shadow copy of attr->aspath in bgp_packet_attribute(). Striping AS4_PATH should not be done on the aspath directly, since that would lead to bgpd core dump when unintern the attr. Signed-off-by: Yuan Yuan --- bgpd/bgp_attr.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c index d5223a1e6e..ec9f12d61a 100644 --- a/bgpd/bgp_attr.c +++ b/bgpd/bgp_attr.c @@ -4682,6 +4682,10 @@ bgp_size_t bgp_packet_attribute(struct bgp *bgp, struct peer *peer, * there! (JK) * Folks, talk to me: what is reasonable here!? */ + + /* Make sure dup aspath before the modification */ + if (aspath == attr->aspath) + aspath = aspath_dup(attr->aspath); aspath = aspath_delete_confed_seq(aspath); stream_putc(s, -- 2.39.5
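
Review bot: the copy created by `aspath = aspath_dup(attr->aspath);` in the added `if (aspath == attr->aspath)` branch is owned only by the local `aspath`, and nothing in the visible lines releases it. Please confirm that the code after the `stream_putc(s, ...)` sequence frees `aspath` whenever it differs from `attr->aspath`, so this branch does not leak one aspath for every attribute block written for a peer that is neither EBGP nor confed. The new comment would also be more useful if it said why the copy is needed, for example `/* aspath may alias attr->aspath here; copy it before aspath_delete_confed_seq() modifies it */`, since the pointer comparison alone does not explain the crash on unintern described in the commit message. A regression test that sends AS4_PATH to such a peer would keep the aliasing case covered.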