From a0de1d16cd00694b07b266d4a5dae5985e9072ff Mon Sep 17 00:00:00 2001 From: Christian Franke Date: Fri, 7 Dec 2012 16:35:00 +0000 Subject: bgpd: fix a bug in bgp_attr_dup Commit 558d1fec11749d3257e improved bgp_attr_dup so it would be possible for the caller to provide attr_extra, allowing to use the stack instead of the heap for operations requiring only a short lived attr. However, this commit introduced a bug where bgp_attr_dup wouldn't copy attr_extra at all (but provide a reference to the original) if the caller provided attr_extra. Cc: Jorge Boncompte [DTI2] Signed-off-by: Christian Franke Signed-off-by: David Lamparter --- bgpd/bgp_attr.c | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) (limited to 'bgpd') diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c index 2cbd7bc3..1dce39bc 100644 --- a/bgpd/bgp_attr.c +++ b/bgpd/bgp_attr.c @@ -321,11 +321,24 @@ bgp_attr_dup (struct attr *new, struct attr *orig) struct attr_extra *extra = new->extra; *new = *orig; - if (orig->extra) + /* if caller provided attr_extra space, use it in any case. + * + * This is neccesary even if orig->extra equals NULL, because otherwise + * memory may be later allocated on the heap by bgp_attr_extra_get. + * + * That memory would eventually be leaked, because the caller must not + * call bgp_attr_extra_free if he provided attr_extra on the stack. + */ + if (extra) + { + new->extra = extra; + memset(new->extra, 0, sizeof(struct attr_extra)); + if (orig->extra) + *new->extra = *orig->extra; + } + else if (orig->extra) { - /* if caller provided attr_extra space use it */ - if (! extra) - new->extra = bgp_attr_extra_new(); + new->extra = bgp_attr_extra_new(); *new->extra = *orig->extra; } } -- cgit v1.2.1