bgpd: Limit flowspec to no attribute means a implicit withdrawal

All other parsing functions done from bgp_nlri_parse() assume no attributes == an implicit withdrawal. Let's move bgp_nlri_parse_flowspec() into the same alignment. Reported-by: Matteo Memelli <mmemelli@amazon.it> Signed-off-by: Donald Sharp <sharpd@nvidia.com>
FRRouting · Apr 6, 2023 · cfd04dc · cfd04dc
1 parent 78745b8
commit cfd04dc
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/bgpd/bgp_flowspec.c b/bgpd/bgp_flowspec.c
@@ -98,6 +98,13 @@ int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr,
 	afi = packet->afi;
 	safi = packet->safi;
 
+	/*
+	 * All other AFI/SAFI's treat no attribute as a implicit
+	 * withdraw.  Flowspec should as well.
+	 */
+	if (!attr)
+		withdraw = 1;
+
 	if (packet->length >= FLOWSPEC_NLRI_SIZELIMIT_EXTENDED) {
 		flog_err(EC_BGP_FLOWSPEC_PACKET,
 			 "BGP flowspec nlri length maximum reached (%u)",