From 1ec0bd103f406f20e33670956e6d8117d5b091be Mon Sep 17 00:00:00 2001 From: Andreas Karis Date: Thu, 19 Oct 2023 11:27:33 +0200 Subject: [PATCH] Resolves: RHEL-12039 - crash in plist update Signed-off-by: Andreas Karis --- 0017-fix-crash-in-plist-update.patch | 48 ++++++++++++++++++++++++++++ frr.spec | 6 +++- 2 files changed, 53 insertions(+), 1 deletion(-) create mode 100644 0017-fix-crash-in-plist-update.patch diff --git a/0017-fix-crash-in-plist-update.patch b/0017-fix-crash-in-plist-update.patch new file mode 100644 index 0000000..69bfc64 --- /dev/null +++ b/0017-fix-crash-in-plist-update.patch @@ -0,0 +1,48 @@ +From 0f9e4c4a36cf2b0dd585a7ef97acccb8eebdf7bd Mon Sep 17 00:00:00 2001 +From: Chirag Shah +Date: Mon, 25 Jan 2021 11:44:56 -0800 +Subject: [PATCH] lib: fix a crash in plist update + +Problem: +Prefix-list with mulitiple rules, an update to +a rule/sequence with different prefix/prefixlen +reset prefix-list next-base pointer to avoid +having stale value. + +In some case the old next-bast's reference leads +to an assert in tri (trie_install_fn ) add. + +bt: +(object=0x55576a4c8a00, updptr=0x55576a4b97e0) at lib/plist.c:560 +(plist=0x55576a4a1770, pentry=0x55576a4c8a00) at lib/plist.c:585 +(ple=0x55576a4c8a00) at lib/plist.c:745 +(args=0x7fffe04beb50) at lib/filter_nb.c:1181 + +Solution: +Reset prefix-list next-base pointer whenver a +sequence/rule is updated. + +Ticket:CM-33109 +Testing Done: + +Signed-off-by: Chirag Shah +Signed-off-by: Rafael Zalamena +(cherry picked from commit f7f101156eb0e225f375f12cf4f863ebbe3fed03) +--- + lib/plist.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/lib/plist.c b/lib/plist.c +index 981e86e2a..c746d1946 100644 +--- a/lib/plist.c ++++ b/lib/plist.c +@@ -684,6 +684,7 @@ void prefix_list_entry_update_start(struct prefix_list_entry *ple) + if (pl->head || pl->tail || pl->desc) + pl->master->recent = pl; + ++ ple->next_best = NULL; + ple->installed = false; + } + +-- +2.41.0 diff --git a/frr.spec b/frr.spec index 7646155..e602230 100644 --- a/frr.spec +++ b/frr.spec @@ -7,7 +7,7 @@ Name: frr Version: 7.5.1 -Release: 14%{?checkout}%{?dist} +Release: 15%{?checkout}%{?dist} Summary: Routing daemon License: GPLv2+ URL: http://www.frrouting.org @@ -56,6 +56,7 @@ Patch0013: 0013-CVE-2022-37032.patch Patch0014: 0014-bfd-profile-crash.patch Patch0015: 0015-max-ttl-reload.patch Patch0016: 0016-CVE-2023-38802.patch +Patch0017: 0017-fix-crash-in-plist-update.patch %description FRRouting is free software that manages TCP/IP based routing protocols. It takes @@ -276,6 +277,9 @@ make check PYTHON=%{__python3} %endif %changelog +* Thu Oct 19 2023 Andreas Karis - 7.5.1-15 +- Resolves: RHEL-12039 - crash in plist update + * Fri Oct 13 2023 Michal Ruprich - 7.5.1-14 - Resolves: RHEL-6617 - Incorrect handling of a error in parsing of an invalid section of a BGP update can de-peer a router