diff options
| author | David Lamparter <equinox@opensourcerouting.org> | 2025-01-22 11:19:04 +0100 |
|---|---|---|
| committer | Mergify <37929162+mergify[bot]@users.noreply.github.com> | 2025-02-11 08:43:53 +0000 |
| commit | 536488044c6e499ccace5d2e1beb39b54ab83247 (patch) | |
| tree | f83ab59c09943c4c5afa0e4430a1f27b7e2be7ea | |
| parent | 7f5eb20b45fe4c97a7410527df62440638a1105a (diff) | |
lib: guard against padding garbage in ZAPI read
When reading in a nexthop from ZAPI, only set the fields that actually
have meaning. While it shouldn't happen to begin with, we can otherwise
carry padding garbage into the unused leftover union bytes.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
(cherry picked from commit 4a0e1419a69d07496c7adfb744beecd00e1efef2)
| -rw-r--r-- | lib/zclient.c | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/lib/zclient.c b/lib/zclient.c index 1aab7b48ba..f2184b0aae 100644 --- a/lib/zclient.c +++ b/lib/zclient.c @@ -2132,7 +2132,27 @@ struct nexthop *nexthop_from_zapi_nexthop(const struct zapi_nexthop *znh) n->type = znh->type; n->vrf_id = znh->vrf_id; n->ifindex = znh->ifindex; - n->gate = znh->gate; + + /* only copy values that have meaning - make sure "spare bytes" are + * left zeroed for hashing (look at _nexthop_hash_bytes) + */ + switch (znh->type) { + case NEXTHOP_TYPE_BLACKHOLE: + n->bh_type = znh->bh_type; + break; + case NEXTHOP_TYPE_IPV4: + case NEXTHOP_TYPE_IPV4_IFINDEX: + n->gate.ipv4 = znh->gate.ipv4; + break; + case NEXTHOP_TYPE_IPV6: + case NEXTHOP_TYPE_IPV6_IFINDEX: + n->gate.ipv6 = znh->gate.ipv6; + break; + case NEXTHOP_TYPE_IFINDEX: + /* nothing, ifindex is always copied */ + break; + } + n->srte_color = znh->srte_color; /* |