From af9aee79f996374868b4bd0c356e6c2267bcc4b2 Mon Sep 17 00:00:00 2001
From: Donatas Abraitis
Date: Tue, 20 Dec 2022 09:48:43 +0200
Subject: [PATCH] bgpd: Check if bgp_path_info is not NULL when setting AIGP metric TLV
*** CID 1530035: Null pointer dereferences (FORWARD_NULL)
/bgpd/bgp_updgrp_packet.c: 756 in subgroup_update_packet()
750 * position.
751 */
752 mpattr_pos = stream_get_endp(s);
753
754 /* 5: Encode all the attributes, except MP_REACH_NLRI
755 * attr. */
>>> CID 1530035: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "path" to "bgp_packet_attribute", which dereferences it.
756 total_attr_len = bgp_packet_attribute(
757 NULL, peer, s, adv->baa->attr, &vecarr, NULL,
758 afi, safi, from, NULL, NULL, 0, 0, 0, path);
759
760 space_remaining =
761 STREAM_CONCAT_REMAIN(s, snlri, STREAM_SIZE(s))
Signed-off-by: Donatas Abraitis
---
 bgpd/bgp_attr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
index 72905a6acb..f3848db072 100644
--- a/bgpd/bgp_attr.c
+++ b/bgpd/bgp_attr.c
@@ -4682,7 +4682,7 @@ bgp_size_t bgp_packet_attribute(struct bgp *bgp, struct peer *peer,
 }
 /* AIGP */
- if (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_AIGP) &&
+ if (bpi && attr->flag & ATTR_FLAG_BIT(BGP_ATTR_AIGP) &&
 (CHECK_FLAG(peer->flags, PEER_FLAG_AIGP) ||
 peer->sort != BGP_PEER_EBGP)) {
 /* At the moment only AIGP Metric TLV exists for AIGP
--
2.39.5
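Review bot: With the added `bpi &&` guard, a route whose `attr->flag` carries the AIGP bit is encoded without the AIGP attribute whenever the caller passes a NULL path, and nothing at the condition says that this omission is intended. The Coverity report in the commit message names the `bgp_packet_attribute()` call in `subgroup_update_packet()` as a caller that can pass NULL, so a comment above the `if` would record the contract, e.g. `/* bpi may be NULL (see subgroup_update_packet()); skip AIGP instead of dereferencing it */`. The bare `attr->flag & ATTR_FLAG_BIT(BGP_ATTR_AIGP)` between two `&&` is correct by precedence but is easier to read as `CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_AIGP))`, matching the `CHECK_FLAG(peer->flags, PEER_FLAG_AIGP)` on the next line. The body of this `if`, where the pointer is presumably used, lies outside the hunk, so the dereference itself cannot be confirmed from here.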