CVSROOT:        /cvs
Module name:    src
Changes by:     be...@cvs.openbsd.org   2019/10/30 14:02:19

Modified files:
        usr.sbin/bgpd  : Tag: OPENBSD_6_6 rde.c rde.h rde_rib.c 

Log message:
bgpd(8) can crash on nexthop changes or during startup in certain
configurations.

This is OpenBSD 6.6 errata 003 and combines the following commits from
-current:

---------------------------------------------
CVSROOT:        /cvs
Module name:    src
Changes by:     clau...@cvs.openbsd.org 2019/10/29 00:47:04

Modified files:
usr.sbin/bgpd  : rde_rib.c

Log message:
Replace the fatal non-existing prefix call with a pt_add() call that
actually inserts the missing prefix in the prefix tree. While for
regular updates to the Adj-RIB-Out this case is indeed not reachable
it is reachable when using 'export default-route'.
Problem reported and fix tested by Esa Kuusisto.
OK benno@
---------------------------------------------
CVSROOT:        /cvs
Module name:    src
Changes by:     clau...@cvs.openbsd.org 2019/10/29 23:27:50

Modified files:
usr.sbin/bgpd  : rde.c rde.h rde_rib.c

Log message:
Add PREFIX_FLAG_STALE to mark prefixes in the Adj-RIB-Out as stale during
graceful reload. At the same time extend peer_dump() to force all updates
getting sent by adding every entry in the Adj-RIB-Out to the update tree
unless they are PREFIX_FLAG_DEAD or PREFIX_FLAG_STALE. The latter will be
removed during that stage since peer_dump() just did a full update of the
Adj-RIB-Out. Also fix prefix_withdraw to check the correct prefix flags
before removing a prefix from the update or withdraw tree.
OK benno@
---------------------------------------------
CVSROOT:        /cvs
Module name:    src
Changes by:     clau...@cvs.openbsd.org 2019/10/29 00:42:05

Modified files:
usr.sbin/bgpd  : rde_rib.c

Log message:
Fix two cases where the nexthop_runners tail queue can get corrupted.
First by requeuing an element that is already on the list and second
by freeing a nexthop that is still on the list resulting in a use after
free. This should fix bgpd crashes seen by various people.
Problem report including backtrace from benno@
OK benno@
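
The two failure modes named in the last commit message above (requeuing an element that is already on the tail queue, and freeing an element that is still linked) can be guarded against as in the following added C illustration. It is not bgpd's code and not the actual fix; `struct nh`, its `on_queue` flag and the function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/queue.h>

/* Hypothetical stand-in for a queued nexthop; not bgpd's struct nexthop. */
struct nh {
	TAILQ_ENTRY(nh)	runner_l;
	int		on_queue;	/* 1 while linked on the runners queue */
};
static TAILQ_HEAD(, nh) runners = TAILQ_HEAD_INITIALIZER(runners);

/* Idempotent insert: re-inserting a linked element would overwrite its
 * link pointers and corrupt the queue. Returns 1 if it was inserted. */
int nh_enqueue(struct nh *n) {
	if (n->on_queue)
		return 0;
	TAILQ_INSERT_TAIL(&runners, n, runner_l);
	n->on_queue = 1;
	return 1;
}

/* Unlink before free so no neighbour or head pointer is left dangling. */
void nh_free(struct nh *n) {
	if (n->on_queue)
		TAILQ_REMOVE(&runners, n, runner_l);
	free(n);
}

/* Walk the queue; only safe while every linked element is still live. */
int runners_len(void) {
	struct nh *n;
	int len = 0;

	TAILQ_FOREACH(n, &runners, runner_l)
		len++;
	return len;
}

int main(void) {
	struct nh *a = calloc(1, sizeof(*a)), *b = calloc(1, sizeof(*b));

	if (a == NULL || b == NULL)
		return 1;
	nh_enqueue(a);
	nh_enqueue(b);
	nh_enqueue(a);		/* ignored: already queued */
	nh_free(a);		/* unlinked first, then freed */
	printf("queued: %d\n", runners_len());
	nh_free(b);
	return 0;
}
```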
