From 993b1432259e1859dc41c73e345bc573968721c5 Mon Sep 17 00:00:00 2001
From: Donald Sharp
Date: Sun, 18 Mar 2018 21:46:58 -0400
Subject: [PATCH] pimd: Fix leaked fd and prevent null pointer deref
When the pim_nexthop_lookup fails, close the opened fd as part of the failure condition. Additionally pim_nexthop_lookup assumes that we've actually already looked up a nexthop in the past.
Signed-off-by: Donald Sharp
---
 pimd/pim_igmp_mtrace.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/pimd/pim_igmp_mtrace.c b/pimd/pim_igmp_mtrace.c
index 5e2e316d85..9e59dc31b6 100644
--- a/pimd/pim_igmp_mtrace.c
+++ b/pimd/pim_igmp_mtrace.c
@@ -256,9 +256,11 @@ static int mtrace_un_forward_packet(struct pim_instance *pim, struct ip *ip_hdr,
 pim_socket_ip_hdr(fd);
 if (interface == NULL) {
+ memset(&nexthop, 0, sizeof(nexthop));
 ret = pim_nexthop_lookup(pim, &nexthop, ip_hdr->ip_dst, 0);
 if (ret != 0) {
+ close(fd);
 if (PIM_DEBUG_MTRACE)
 zlog_warn(
 "Dropping mtrace packet, "
@@ -434,6 +436,7 @@ static int mtrace_send_response(struct pim_instance *pim,
 if (PIM_DEBUG_MTRACE)
 zlog_debug("mtrace response to RP");
 } else {
+ memset(&nexthop, 0, sizeof(nexthop));
 /* TODO: should use unicast rib lookup */
 ret = pim_nexthop_lookup(pim, &nexthop, mtracep->rsp_addr, 1);
@@ -613,6 +616,7 @@ int igmp_mtrace_recv_qry_req(struct igmp_sock *igmp, struct ip *ip_hdr,
 nh_addr.s_addr = 0;
+ memset(&nexthop, 0, sizeof(nexthop));
 ret = pim_nexthop_lookup(pim, &nexthop, mtracep->src_addr, 1);
 if (ret == 0) {
--
2.39.5
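Review bot: The `close(fd)` added in the `ret != 0` branch of mtrace_un_forward_packet releases the socket on this one exit only. The rest of the function lies outside the hunk, so any other early return taken after the descriptor is opened could still leak it. This path presumably runs once per forwarded mtrace packet, so a remaining leak would accumulate until the daemon runs out of descriptors. Routing the failure returns through one cleanup label that does `close(fd);` would make every exit checkable at a glance. Short of that, a comment where the socket is created, such as `/* fd is owned by this function; every return below must close it */`, records the rule for the next edit.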
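Review bot: The `memset(&nexthop, 0, sizeof(nexthop));` placed before `pim_nexthop_lookup()` in mtrace_send_response has no comment saying why it is required, and the same bare line is repeated in mtrace_un_forward_packet and igmp_mtrace_recv_qry_req. Going by the commit message, the lookup treats the struct it is handed as the result of an earlier lookup, so it appears to read fields before writing them. A future call site that omits the memset would then pass in whatever the (presumably local) variable happened to contain. I would add `/* pim_nexthop_lookup() reads *nexthop before filling it in; start from zeroed state */` at each call, or state that precondition once in the comment on pim_nexthop_lookup() itself. Whether the zeroing could move into the lookup depends on callers that rely on the cached state, which this diff does not show.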