Babel: Possible segfault in bird unfeasible update handling code
Daniel Gröber
dxld at darkboxed.org
Sun Jan 29 23:35:03 CET 2023
Hi Babelers,
I've been working on the babel proto in bird and found some code where I
can't convince myself it won't segfault. The problematic bit is, I think,
's' in babel_handle_update can be NULL because nothing ensures the
babel_source for a particular neighbour actually exists here:

    /* Regular update */
    [...]
    s = babel_find_source(e, msg->router_id); /* for feasibility */
    [...]
    /* RFC section 3.8.2.2 - Dealing with unfeasible updates */
    if (!feasible && (metric != BABEL_INFINITY) &&
        (!best || (r == best) || (metric < best->metric)))
      babel_add_seqno_request(p, e, s->router_id, s->seqno + 1, 0, nbr);
                                  //^ BUG: Can 's' be NULL here?

The only place that allocates sources is babel_send_update_ which just
happens at its own pace and has nothing to do with incoming update
handling AFAICT.
Am I missing something or is this a bug? Perhaps find should just be
replaced by babel_get_source here?
--Daniel
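
An added example, not code from bird or from the message above: a self-contained C model of the find-versus-get lookup pattern the message asks about, with an explicit NULL guard before the dereference. All struct and function names are hypothetical, and the feasibility rule (no source entry means feasible) is taken from the Babel RFC as an assumption; the message does not show how bird computes `feasible`.

```c
#include <stdint.h>
#include <stdio.h>

#define METRIC_INFINITY 0xFFFF   /* hypothetical stand-in for BABEL_INFINITY */
#define MAX_SOURCES 8

struct source { uint64_t router_id; uint16_t seqno, metric; int used; };
struct entry  { struct source sources[MAX_SOURCES]; };

/* Lookup only: returns NULL when no source exists for router_id. */
static struct source *find_source(struct entry *e, uint64_t router_id) {
  for (int i = 0; i < MAX_SOURCES; i++)
    if (e->sources[i].used && e->sources[i].router_id == router_id)
      return &e->sources[i];
  return NULL;
}

/* Lookup or create: returns NULL only when the table is full. */
static struct source *get_source(struct entry *e, uint64_t router_id, uint16_t seqno) {
  struct source *s = find_source(e, router_id);
  for (int i = 0; !s && i < MAX_SOURCES; i++)
    if (!e->sources[i].used) {
      s = &e->sources[i];
      *s = (struct source){ router_id, seqno, METRIC_INFINITY, 1 };
    }
  return s;
}

/* Assumed rule (Babel RFC): a missing source or a retraction is feasible. */
static int is_feasible(const struct source *s, uint16_t seqno, uint16_t metric) {
  if (!s || metric == METRIC_INFINITY) return 1;
  uint16_t d = (uint16_t)(seqno - s->seqno);   /* seqno compare is modulo 2^16 */
  return (d != 0 && d < 0x8000) || (d == 0 && metric < s->metric);
}

/* Returns the seqno to request, or -1 when no request is sent. */
static int handle_update(struct entry *e, uint64_t router_id, uint16_t seqno, uint16_t metric) {
  struct source *s = find_source(e, router_id);
  /* !s is tested here too, so the dereference never relies on is_feasible alone */
  if (!s || is_feasible(s, seqno, metric)) return -1;
  return (uint16_t)(s->seqno + 1);
}

int main(void) {
  static struct entry e;                        /* constructed sample state */
  printf("no source:   %d\n", handle_update(&e, 42, 10, 100));
  get_source(&e, 42, 10)->metric = 50;
  printf("with source: %d\n", handle_update(&e, 42, 10, 100));
  return 0;
}
```

In this model the unfeasible branch can only be reached with a non-NULL source, and the guard in `handle_update` keeps that true even if the feasibility helper is later changed.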