bgpd: fix invalid memory access in peer_free() - matthieu/frr.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Renato Westphal <renato@opensourcerouting.org>	2016-11-28 16:47:13 -0200
committer	David Lamparter <equinox@opensourcerouting.org>	2016-12-01 16:34:19 +0100
commit	ff999357fd95690c8105b9da24aa39a2b7ce51a6 (patch)
tree	b7b5dcabf03aeaa3c0b1bac34b6f0067e56f591d /lib/workqueue.h
parent	34620e24b5d8fcb0d66f77dfb39bcd8da636564a (diff)

bgpd: fix invalid memory access in peer_free()

We shoult not call bgp_unlock() before calling bgp_delete_connected_nexthop() in the peer_free() function. Otherwise, if bgp->lock reaches zero, bgp_free() is called and peer->bgp becomes an invalid pointer in the bgp_delete_connected_nexthop() function. To fix this, move the call to bgp_unlock() to the end of peer_free(). Bug exposed by commit 37d361e ("bgpd: plug several memleaks"). Signed-off-by: Renato Westphal <renato@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>

Diffstat (limited to 'lib/workqueue.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: