bgpd: fix memory leak when parsing capabilities
Duplicated domain name capability messages cause memory leak. The amount
of leaked memory is proportional to the size of the duplicated
capabilities. This bug was introduced in 2015.

To hit this, a BGP OPEN message must contain multiple FQDN capabilities.
Memory is leaked when the hostname portion of the capability is of
length 0, but the domainname portion is not, for any of the duplicated
capabilities beyond the first one.

https://tools.ietf.org/html/draft-walton-bgp-hostname-capability-00

Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
qlyoung committed Jan 16, 2020
1 parent c49bafc commit aba5353
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions bgpd/bgp_open.c
Expand Up @@ -747,6 +747,12 @@ static int bgp_capability_hostname(struct peer *peer,

if (len) {
str[len] = '\0';

if (peer->domainname != NULL) {
XFREE(MTYPE_BGP_PEER_HOST, peer->domainname);
peer->domainname = NULL;
}

peer->domainname = XSTRDUP(MTYPE_BGP_PEER_HOST, str);
}
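
Review bot: The free sits inside the `if (len)` block, so it only runs when the repeated capability carries a non-empty domain name; a later FQDN capability whose domain-name length is 0 leaves the value from the earlier capability in `peer->domainname`. If the last capability received is meant to win, move the `XFREE` ahead of `if (len)` so the field is cleared unconditionally, or add a comment stating that the earlier domain name is kept on purpose. The explicit `peer->domainname = NULL;` is also overwritten by the `XSTRDUP` assignment that follows the new block, so it can be dropped, and a one-line comment noting that this path handles duplicated FQDN capabilities in a single OPEN would make the reason for the free clear to the next reader.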
