From 819e67670c8581edf6122c642341e2fadacdfc21 Mon Sep 17 00:00:00 2001 From: Donatas Abraitis Date: Fri, 9 Dec 2022 20:01:56 +0200 Subject: [PATCH] bgpd: Free memory allocated by info_make() when hitting maximum-prefix ``` Direct leak of 112 byte(s) in 1 object(s) allocated from: 0 0x7feb66337a06 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:153 1 0x7feb660cbcc3 in qcalloc lib/memory.c:116 2 0x55cc3cba02d1 in info_make bgpd/bgp_route.c:3831 3 0x55cc3cbab4f1 in bgp_update bgpd/bgp_route.c:4733 4 0x55cc3cbb0620 in bgp_nlri_parse_ip bgpd/bgp_route.c:6111 5 0x55cc3cb79473 in bgp_update_receive bgpd/bgp_packet.c:2020 6 0x55cc3cb7c34a in bgp_process_packet bgpd/bgp_packet.c:2929 7 0x7feb6610ecc5 in thread_call lib/thread.c:2006 8 0x7feb660bfb77 in frr_run lib/libfrr.c:1198 9 0x55cc3cb17232 in main bgpd/bgp_main.c:520 10 0x7feb65ae5082 in __libc_start_main ../csu/libc-start.c:308 SUMMARY: AddressSanitizer: 112 byte(s) leaked in 1 allocation(s). ``` Signed-off-by: Donatas Abraitis --- bgpd/bgp_route.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c index e47a348722..c85de24a5c 100644 --- a/bgpd/bgp_route.c +++ b/bgpd/bgp_route.c @@ -4012,7 +4012,7 @@ int bgp_update(struct peer *peer, const struct prefix *p, uint32_t addpath_id, struct attr new_attr; struct attr *attr_new; struct bgp_path_info *pi; - struct bgp_path_info *new; + struct bgp_path_info *new = NULL; struct bgp_path_info_extra *extra; const char *reason; char pfx_buf[BGP_PRD_PATH_STRLEN]; @@ -4806,8 +4806,6 @@ int bgp_update(struct peer *peer, const struct prefix *p, uint32_t addpath_id, if (bgp_maximum_prefix_overflow(peer, afi, safi, 0)) { reason = "maximum-prefix overflow"; bgp_attr_flush(&new_attr); - bgp_unlink_nexthop(new); - bgp_path_info_delete(dest, new); goto filtered; } @@ -4882,6 +4880,13 @@ int bgp_update(struct peer *peer, const struct prefix *p, uint32_t addpath_id, /* This BGP update is filtered. Log the reason then update BGP entry. */ filtered: + if (new) { + bgp_unlink_nexthop(new); + bgp_path_info_delete(dest, new); + bgp_path_info_extra_free(&new->extra); + XFREE(MTYPE_BGP_ROUTE, new); + } + hook_call(bgp_process, bgp, afi, safi, dest, peer, true); if (bgp_debug_update(peer, p, NULL, 1)) { -- 2.39.5