bgpd: Prevent use after free

When bgp_stop finishes and it deletes the peer it is sending back a return code stating that the peer was deleted, but the code was operating like it was not deleted and continued to access the data structure. Fix. Signed-off-by: Donald Sharp <sharpd@nvidia.com>
author: Donald Sharp <sharpd@nvidia.com> 2023-08-25 10:43:56 -0400
committer: Donald Sharp <sharpd@nvidia.com> 2023-08-25 10:43:56 -0400
commit: 5160672d99ad4f583376542f04c9e68d357f9f73 (patch)
tree: 33cb1681f1f08775018425a43187c7c50ef25431 /bgpd/bgp_fsm.c
parent: d4a9b103b7e1af87643fc9542ca9dff6da967c37 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/bgpd/bgp_fsm.c b/bgpd/bgp_fsm.c
index d08159eb50..92038a73e4 100644
--- a/bgpd/bgp_fsm.c
+++ b/bgpd/bgp_fsm.c
@@ -2675,7 +2675,6 @@ int bgp_event_update(struct peer *peer, enum bgp_fsm_events event)
 		bgp_timer_set(peer);
 		break;
 	case BGP_FSM_FAILURE:
-	case BGP_FSM_FAILURE_AND_DELETE:
 		/*
 		 * If we got a return value of -1, that means there was an
 		 * error, restart the FSM. Since bgp_stop() was called on the
@@ -2699,7 +2698,9 @@ int bgp_event_update(struct peer *peer, enum bgp_fsm_events event)
 			bgp_timer_set(peer);
 		}
 		fsm_result = FSM_PEER_STOPPED;
-
+		break;
+	case BGP_FSM_FAILURE_AND_DELETE:
+		fsm_result = FSM_PEER_STOPPED;
 		break;
 	}
author	Donald Sharp <sharpd@nvidia.com>	2023-08-25 10:43:56 -0400
committer	Donald Sharp <sharpd@nvidia.com>	2023-08-25 10:43:56 -0400
commit	5160672d99ad4f583376542f04c9e68d357f9f73 (patch)
tree	33cb1681f1f08775018425a43187c7c50ef25431 /bgpd/bgp_fsm.c
parent	d4a9b103b7e1af87643fc9542ca9dff6da967c37 (diff)