From f096bae46b3d70f548d35a9b64fd76d0a75184a6 Mon Sep 17 00:00:00 2001
From: Donald Sharp
Date: Fri, 3 Jan 2020 14:35:10 -0500
Subject: [PATCH] zebra: Handle crash when backpointer does not exist

=================================================================
==3058==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x7f5bf3ef7477 bp 0x7ffdfaa20d40 sp 0x7ffdfaa204c8 T0)
==3058==The signal is caused by a READ memory access.
==3058==Hint: address points to the zero page.
#0 0x7f5bf3ef7476 in memcpy /build/glibc-OTsEL5/glibc-2.27/string/../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:134
#1 0x4d158a in __asan_memcpy (/usr/lib/frr/zebra+0x4d158a)
#2 0x7f5bf58da8ad in stream_put /home/qlyoung/frr/lib/stream.c:605:3
#3 0x67d428 in zsend_ipset_entry_notify_owner /home/qlyoung/frr/zebra/zapi_msg.c:851:2
#4 0x5c70b3 in zebra_pbr_add_ipset_entry /home/qlyoung/frr/zebra/zebra_pbr.c
#5 0x68e1bb in zread_ipset_entry /home/qlyoung/frr/zebra/zapi_msg.c:2465:4
#6 0x68f958 in zserv_handle_commands /home/qlyoung/frr/zebra/zapi_msg.c:2611:3
#7 0x55666d in main /home/qlyoung/frr/zebra/main.c:309:2
#8 0x7f5bf3e5db96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
#9 0x4311d9 in _start (/usr/lib/frr/zebra+0x4311d9)
the ipset->backpointer was NULL as that the hash lookup failed to find anything. Prevent this crash from happening.
Signed-off-by: Donald Sharp
---
zebra/zapi_msg.c | 7 +++++++
1 file changed, 7 insertions(+)

diff --git a/zebra/zapi_msg.c b/zebra/zapi_msg.c
index 1dbe41f46298..095d918b0a4e 100644
--- a/zebra/zapi_msg.c
+++ b/zebra/zapi_msg.c
@@ -2447,6 +2447,13 @@ static inline void zread_ipset_entry(ZAPI_HANDLER_ARGS)
 /* calculate backpointer */
 zpi.backpointer =
 zebra_pbr_lookup_ipset_pername(ipset.ipset_name);
+
+ if (!zpi.backpointer) {
+ zlog_warn("ipset name specified: %s does not exist",
+ ipset.ipset_name);
+ goto stream_failure;
+ }
+
 if (hdr->command == ZEBRA_IPSET_ENTRY_ADD)
 zebra_pbr_add_ipset_entry(&zpi);
 else
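Review bot: The added `zlog_warn` prints `ipset.ipset_name` with an unbounded `%s`, and that name appears to come from the client's ZAPI message, so the call is only safe if the buffer is NUL-terminated before this point. The read that fills it is outside the hunk, so this needs confirming. If termination is not forced there, bound the print, assuming `ipset_name` is a fixed-size array: `zlog_warn("ipset name specified: %.*s does not exist", (int)sizeof(ipset.ipset_name), ipset.ipset_name);`. The `goto stream_failure` would also benefit from a comment such as `/* unknown ipset name: drop the request rather than pass a NULL backpointer on */`, because the label reads like a parse error rather than a failed lookup. The body of `zread_ipset_entry` starts and ends outside the hunk, so what happens to any entries handled before the failing one cannot be judged from here.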