From 0fece074e8c9e282ae2cecf9a0a79dc6c930cfb1 Mon Sep 17 00:00:00 2001
From: Avneesh Sachdev <avneesh@opensourcerouting.org>
Date: Sun, 6 May 2012 00:03:07 -0700
Subject: isisd: fix null pointer dereference in send_lsp()

  * isisd/isis_pdu.c: (send_lsp) Handle case where there are no LSPs
    on the LSP transmission queue. This can happen if, for instance,
    the queue is cleared because of protocol events before the
    send_lsp thread gets a chance to run.
---
 isisd/isis_pdu.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

(limited to 'isisd')

diff --git a/isisd/isis_pdu.c b/isisd/isis_pdu.c
index 7375a3eb..ffc67178 100644
--- a/isisd/isis_pdu.c
+++ b/isisd/isis_pdu.c
@@ -3033,7 +3033,19 @@ send_lsp (struct thread *thread)
     return retval;
   }
 
-  lsp = listgetdata ((node = listhead (circuit->lsp_queue)));
+  node = listhead (circuit->lsp_queue);
+
+  /*
+   * Handle case where there are no LSPs on the queue. This can
+   * happen, for instance, if an adjacency goes down before this
+   * thread gets a chance to run.
+   */
+  if (!node)
+    {
+      return retval;
+    }
+
+  lsp = listgetdata(node);
 
   /*
    * Do not send if levels do not match
-- 
cgit v1.2.1