From 8a3bc58ed891c693a032258b6c4dd9b3c01a6eb4 Mon Sep 17 00:00:00 2001 From: Donald Sharp Date: Fri, 22 Feb 2019 19:19:18 -0500 Subject: [PATCH] zebra: Prevent crash in dad auto recovery Commit: 6005fe55bce1c9cd54f4f7773fc2b0e15a99008f Introduced a crash with zebra looking up either the nbr structure or the mac structure. This is because the zvni used is NULL and we eventually call a hash_lookup call that would cause a NULL dereference. Partially revert this commit to original behavior. Problems found via clang Static Analyzer. Signed-off-by: Donald Sharp --- zebra/zebra_vxlan.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/zebra/zebra_vxlan.c b/zebra/zebra_vxlan.c index 560cd89abd..333af473de 100644 --- a/zebra/zebra_vxlan.c +++ b/zebra/zebra_vxlan.c @@ -9162,16 +9162,16 @@ static int zebra_vxlan_dad_ip_auto_recovery_exp(struct thread *t) nbr = THREAD_ARG(t); /* since this is asynchronous we need sanity checks*/ - nbr = zvni_neigh_lookup(zvni, &nbr->ip); - if (!nbr) + zvrf = vrf_info_lookup(nbr->zvni->vrf_id); + if (!zvrf) return 0; zvni = zvni_lookup(nbr->zvni->vni); if (!zvni) return 0; - zvrf = vrf_info_lookup(zvni->vxlan_if->vrf_id); - if (!zvrf) + nbr = zvni_neigh_lookup(zvni, &nbr->ip); + if (!nbr) return 0; if (IS_ZEBRA_DEBUG_VXLAN) @@ -9212,16 +9212,16 @@ static int zebra_vxlan_dad_mac_auto_recovery_exp(struct thread *t) mac = THREAD_ARG(t); /* since this is asynchronous we need sanity checks*/ - mac = zvni_mac_lookup(zvni, &mac->macaddr); - if (!mac) + zvrf = vrf_info_lookup(mac->zvni->vrf_id); + if (!zvrf) return 0; zvni = zvni_lookup(mac->zvni->vni); if (!zvni) return 0; - zvrf = vrf_info_lookup(zvni->vxlan_if->vrf_id); - if (!zvrf) + mac = zvni_mac_lookup(zvni, &mac->macaddr); + if (!mac) return 0; if (IS_ZEBRA_DEBUG_VXLAN) -- 2.39.5