From 908f5e616ba9ae5b42e3135e75aead621b235a23 Mon Sep 17 00:00:00 2001 From: github login name Date: Tue, 6 Jul 2021 04:31:21 -0700 Subject: [PATCH] ospf6d: Fix crash in ospf6_asbr_lsa_remove at ospf6d/ospf6_asbr.c:696 Issue: Crash observed when LSAs are removed from LSDB after max age when there is no area configured. (gdb) bt 0 raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51 1 0x00007fdb190548bc in core_handler (signo=6, siginfo=0x7ffdd2f5a470, context=) at lib/sigevent.c:262 2 3 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51 4 0x00007fdb185ad921 in __GI_abort () at abort.c:79 5 0x00007fdb1907f199 in _zlog_assert_failed (xref=xref@entry=0x55f30902aa20 <_xref.21999>, extra=extra@entry=0x0) at lib/zlog.c:581 6 0x000055f308dc4f78 in ospf6_asbr_lsa_remove (lsa=0x55f30a7546d0, asbr_entry=0x0) at ospf6d/ospf6_asbr.c:696 7 0x000055f308dd8f0d in ospf6_lsdb_remove (lsa=0x55f30a7546d0, lsdb=lsdb@entry=0x55f30a73d300) at ospf6d/ospf6_lsdb.c:166 8 0x000055f308dd9701 in ospf6_lsdb_maxage_remover (lsdb=0x55f30a73d300) at ospf6d/ospf6_lsdb.c:376 9 0x000055f308dee724 in ospf6_maxage_remover (thread=) at ospf6d/ospf6_top.c:603 10 0x00007fdb1906520d in thread_call (thread=thread@entry=0x7ffdd2f5ae90) at lib/thread.c:1919 11 0x00007fdb19023e48 in frr_run (master=0x55f30a569b70) at lib/libfrr.c:1155 12 0x000055f308dc09b6 in main (argc=6, argv=0x7ffdd2f5b198, envp=) at ospf6d/ospf6_main.c:235 (gdb) Steps to reproduce the issue: 1. router ospf6 2. redistribute static 3. ipv6 route 1::1/128 Null0 4. no redistribute static 5. wait for Max aged LSA to flush 6. Check DB, crash occurs. RCA: Crash occurred while accessing listgetdata(listhead(ospf6->area_list)) When there is no area attached to any of the interface listhead(ospf6->area_list) is NULL. Therefore it crashed due to NULL access. Fix: Check before accessing null pointer. Signed-off-by: Mobashshera Rasool --- ospf6d/ospf6_asbr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/ospf6d/ospf6_asbr.c b/ospf6d/ospf6_asbr.c
index d4e52f0ede..aad4e7571d 100644
--- a/ospf6d/ospf6_asbr.c
+++ b/ospf6d/ospf6_asbr.c
@@ -690,7 +690,7 @@ void ospf6_asbr_lsa_remove(struct ospf6_lsa *lsa,
 if (ospf6_check_and_set_router_abr(ospf6))
 oa = ospf6->backbone;
 else
- oa = listgetdata(listhead(ospf6->area_list));
+ oa = listnode_head(ospf6->area_list);
 }

 if (oa == NULL) {
-- 
2.39.5
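Review bot: The new assignment on the `else` branch is only safe because `listnode_head()` presumably returns NULL for an empty `area_list` and the `if (oa == NULL)` block right after it handles that case, yet nothing in the code records this. A short comment above the assignment, for example `/* area_list may be empty when no area is configured; take the head without asserting */`, would keep a later cleanup from restoring the asserting `listgetdata(listhead(...))` form. The body of the `oa == NULL` branch and the rest of `ospf6_asbr_lsa_remove` lie outside the hunk, so it should be confirmed there that the function returns before `oa` is dereferenced. Because the abort in the backtrace is reached through configuration and max-age timing alone, it is worth checking the rest of ospf6d for the same `listgetdata(listhead(ospf6->area_list))` idiom and adding a regression test that follows the six reproduction steps from the commit message.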