author: Quentin Young <qlyoung@cumulusnetworks.com> 2020-01-15 13:00:34 -0500
committer: Quentin Young <qlyoung@cumulusnetworks.com> 2020-01-16 12:50:27 -0500
commit: aba5353c175f219e5526f280d168cb0d655a0b14
tree: 966c316075f15edb093d4a1888c7363d378a12f5 /bgpd/bgp_open.c
parent: c49bafc2549bf890a359cbd0e4573a77f5f00c89
bgpd: fix memory leak when parsing capabilities

Duplicated domain name capability messages cause memory leak. The amount of leaked memory is proportional to the size of the duplicated capabilities. This bug was introduced in 2015.

To hit this, a BGP OPEN message must contain multiple FQDN capabilities. Memory is leaked when the hostname portion of the capability is of length 0, but the domainname portion is not, for any of the duplicated capabilities beyond the first one.

https://tools.ietf.org/html/draft-walton-bgp-hostname-capability-00

Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>

Diffstat (limited to 'bgpd/bgp_open.c')
-rw-r--r-- bgpd/bgp_open.c 6
1 files changed, 6 insertions, 0 deletions
diff --git a/bgpd/bgp_open.c b/bgpd/bgp_open.c
index f17bc7b8c0..23b893c1c8 100644
--- a/bgpd/bgp_open.c
+++ b/bgpd/bgp_open.c
@@ -747,6 +747,12 @@ static int bgp_capability_hostname(struct peer *peer,
if (len) {
str[len] = '\0';
+
+ if (peer->domainname != NULL) {
+ XFREE(MTYPE_BGP_PEER_HOST, peer->domainname);
+ peer->domainname = NULL;
+ }
+
peer->domainname = XSTRDUP(MTYPE_BGP_PEER_HOST, str);
}
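
Review bot: the free-before-assign added ahead of the XSTRDUP into peer->domainname sits inside the "if (len)" branch, so a repeated FQDN capability whose domainname length is 0 leaves the value from the earlier capability attached to the peer. If a later capability is meant to replace the earlier one, move the XFREE and NULL reset ahead of "if (len)" so the field is cleared in both cases. A short comment above the new block noting that the capability can appear more than once in a single OPEN would also explain why a field that is being parsed may already be set.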