diff options
| author | Philippe Guibert <philippe.guibert@6wind.com> | 2025-02-07 15:49:10 +0100 |
|---|---|---|
| committer | Mergify <37929162+mergify[bot]@users.noreply.github.com> | 2025-02-12 14:37:58 +0000 |
| commit | 8a64ccbf68e0e0058ebd069c1e41587a7745d0e0 (patch) | |
| tree | 39701e74acc5f6c43f799877519b98c185d14001 | |
| parent | 7a9abe777b743d3c2dce57f48e7cbeb223c319d5 (diff) | |
bgpd: fix bgp label evpn CID 1636504
The following static analysis can be seen :
> *** CID 1636504: (ARRAY_VS_SINGLETON)
> /bgpd/bgp_evpn_mh.c: 1241 in bgp_evpn_type1_route_process()
> 1235 build_evpn_type1_prefix(&p, eth_tag, &esi, vtep_ip);
> 1236 /* Process the route. */
> 1237 if (attr) {
> 1238 bgp_update(peer, (struct prefix *)&p, addpath_id, attr, afi, safi, ZEBRA_ROUTE_BGP,
> 1239 BGP_ROUTE_NORMAL, &prd, &label, num_labels, 0, NULL);
> 1240 } else {
> >>> CID 1636504: (ARRAY_VS_SINGLETON)
> >>> Passing "&label" to function "bgp_withdraw" which uses it as an array. This might corrupt or misinterpret adjacent memory locations.
> 1241 bgp_withdraw(peer, (struct prefix *)&p, addpath_id, afi, safi, ZEBRA_ROUTE_BGP,
> 1242 BGP_ROUTE_NORMAL, &prd, &label, num_labels);
> 1243 }
> 1244 return 0;
> 1245 }
> 1246
> /bgpd/bgp_evpn_mh.c: 1238 in bgp_evpn_type1_route_process()
> 1232 * table
> 1233 */
> 1234 vtep_ip.s_addr = INADDR_ANY;
> 1235 build_evpn_type1_prefix(&p, eth_tag, &esi, vtep_ip);
> 1236 /* Process the route. */
> 1237 if (attr) {
> >>> CID 1636504: (ARRAY_VS_SINGLETON)
> >>> Passing "&label" to function "bgp_update" which uses it as an array. This might corrupt or misinterpret adjacent memory locations.
> 1238 bgp_update(peer, (struct prefix *)&p, addpath_id, attr, afi, safi, ZEBRA_ROUTE_BGP,
> 1239 BGP_ROUTE_NORMAL, &prd, &label, num_labels, 0, NULL);
> 1240 } else {
> 1241 bgp_withdraw(peer, (struct prefix *)&p, addpath_id, afi, safi, ZEBRA_ROUTE_BGP,
> 1242 BGP_ROUTE_NORMAL, &prd, &label, num_labels);
> 1243 }
Fix this by declaring a label array instead of a single array.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
(cherry picked from commit ba462af2e3a4a242b2ffcde6074750f851632777)
| -rw-r--r-- | bgpd/bgp_evpn_mh.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/bgpd/bgp_evpn_mh.c b/bgpd/bgp_evpn_mh.c index 7fd4bb91e2..57f638240d 100644 --- a/bgpd/bgp_evpn_mh.c +++ b/bgpd/bgp_evpn_mh.c @@ -1198,7 +1198,7 @@ int bgp_evpn_type1_route_process(struct peer *peer, afi_t afi, safi_t safi, struct prefix_rd prd; esi_t esi; uint32_t eth_tag; - mpls_label_t label; + mpls_label_t label[BGP_MAX_LABELS] = {}; struct in_addr vtep_ip; struct prefix_evpn p; @@ -1224,7 +1224,7 @@ int bgp_evpn_type1_route_process(struct peer *peer, afi_t afi, safi_t safi, eth_tag = ntohl(eth_tag); pfx += EVPN_ETH_TAG_BYTES; - memcpy(&label, pfx, BGP_LABEL_BYTES); + memcpy(&label[0], pfx, BGP_LABEL_BYTES); /* EAD route prefix doesn't include the nexthop in the global * table @@ -1234,10 +1234,10 @@ int bgp_evpn_type1_route_process(struct peer *peer, afi_t afi, safi_t safi, /* Process the route. */ if (attr) { bgp_update(peer, (struct prefix *)&p, addpath_id, attr, afi, safi, ZEBRA_ROUTE_BGP, - BGP_ROUTE_NORMAL, &prd, &label, 1, 0, NULL); + BGP_ROUTE_NORMAL, &prd, &label[0], 1, 0, NULL); } else { bgp_withdraw(peer, (struct prefix *)&p, addpath_id, afi, safi, ZEBRA_ROUTE_BGP, - BGP_ROUTE_NORMAL, &prd, &label, 1); + BGP_ROUTE_NORMAL, &prd, &label[0], 1); } return 0; } |