artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 64a4e68) | patch
Check the F_NEXTHOP flag on the right kroute6 object.
authorclaudio <claudio@openbsd.org>
Thu, 1 Jun 2023 09:47:34 +0000 (09:47 +0000)
committerclaudio <claudio@openbsd.org>
Thu, 1 Jun 2023 09:47:34 +0000 (09:47 +0000)
commit76710a0821d7e117b562a41c1835966483d8acf4
treeffc06b2c284801f162c4dfc0b7f69bebeff5bc90tree | snapshot
parent64a4e689617e99eb8eb5d037b2442cda53ac33bfcommit | diff
Check the F_NEXTHOP flag on the right kroute6 object.

On multipath routes the check ended up checking the wrong route for the
nexthop update. This resulted in a use-after-free in kroute_detach_nexthop().
This only affects IPv6 in the IPv4 code path the right object was already used.

Thanks to sthen@ for providing the debug information to track this down.
OK sthen@ tb@
usr.sbin/bgpd/kroute.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim