Skip to content

bgpd: Do not reuse the same adj->adv when flushing fifo (attributes too long) #18993

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Jafaral merged 1 commit into from
Jun 10, 2025
Merged

bgpd: Do not reuse the same adj->adv when flushing fifo (attributes too long) #18993

Jafaral merged 1 commit into from
Jun 10, 2025

Conversation

@ton31337
Copy link
Member

@ton31337 ton31337 commented Jun 10, 2025

No description provided.

@ton31337
bgpd: Do not reuse the same adj->adv when flushing fifo (attributes t…
6536bd6 
…oo long)

2025/04/24 22:46:35 BGP: [N463T-4M950][EC 33554449] u4:s4 attributes too long, cannot send UPDATE
BGP: Received signal 11 at 1745523995 (si_addr 0x30, PC 0x55f988339d30); aborting...
BGP: /usr/lib/x86_64-linux-gnu/frr/libfrr.so.0(zlog_backtrace_sigsafe+0x6f) [0x7f9ba3aca4cf]
BGP: /usr/lib/x86_64-linux-gnu/frr/libfrr.so.0(zlog_signal+0xf5) [0x7f9ba3aca6d5]
BGP: /usr/lib/x86_64-linux-gnu/frr/libfrr.so.0(+0x106481) [0x7f9ba3b06481]
BGP: /lib/x86_64-linux-gnu/libc.so.6(+0x3c050) [0x7f9ba385b050]
BGP: /usr/lib/frr/bgpd(bgp_advertise_clean_subgroup+0x20) [0x55f988339d30]
BGP: /usr/lib/frr/bgpd(subgroup_update_packet+0x6db) [0x55f98833c8bb]
BGP: /usr/lib/frr/bgpd(bgp_generate_updgrp_packets+0x439) [0x55f9882f3709]
BGP: /usr/lib/x86_64-linux-gnu/frr/libfrr.so.0(event_call+0x81) [0x7f9ba3b18d51]
BGP: /usr/lib/x86_64-linux-gnu/frr/libfrr.so.0(frr_run+0xc0) [0x7f9ba3ac1580]
BGP: /usr/lib/frr/bgpd(main+0x3ce) [0x55f98828b88e]
BGP: /lib/x86_64-linux-gnu/libc.so.6(+0x2724a) [0x7f9ba384624a]
BGP: /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x85) [0x7f9ba3846305]
BGP: /usr/lib/frr/bgpd(_start+0x21) [0x55f98828d841]

bgp_advertise_clean_subgroup() sets adj->adv = NULL (first iteration), then we
pass the same adj and we have adj->adv NULL which is then dereferenced and crashing.

Signed-off-by: Donatas Abraitis <[email protected]>
@frrbot frrbot bot added the bgp label Jun 10, 2025
@ton31337 ton31337 marked this pull request as draft June 10, 2025 12:38
@ton31337 ton31337 marked this pull request as ready for review June 10, 2025 13:35
riw777
riw777 approved these changes Jun 10, 2025
View reviewed changes
Copy link
Member

@riw777 riw777 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good

@Jafaral
Copy link
Member

Jafaral commented Jun 10, 2025

@Mergifyio backport dev/10.4

@mergify
Copy link

mergify bot commented Jun 10, 2025
edited
Loading

backport dev/10.4

✅ Backports have been created

Details

@Jafaral Jafaral merged commit ef96f2f into FRRouting:master Jun 10, 2025
16 checks passed
@mergify mergify bot mentioned this pull request Jun 10, 2025
Merged
@louis-6wind louis-6wind mentioned this pull request Jun 10, 2025
Closed
@ton31337 ton31337 deleted the fix/bgp_crash_attributes_too_long branch June 10, 2025 20:06
@ton31337 ton31337 mentioned this pull request Jun 10, 2025
Closed
2 tasks
ton31337 added a commit that referenced this pull request Jun 11, 2025
@ton31337
Merge pull request #18999 from FRRouting/mergify/bp/dev/10.4/pr-18993
9a85cc7 
bgpd: Do not reuse the same adj->adv when flushing fifo (attributes too long) (backport #18993)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@riw777 riw777 riw777 approved these changes

Assignees

No one assigned

Labels

backport bgp master size/XS

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ton31337 @Jafaral @riw777