]> git.ipfire.org Git - thirdparty/bird.git/commit
projects / thirdparty / bird.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0b5a259) | patch
ROA Aggregator: Fix crash on multiwithdraw
authorMaria Matejka <mq@ucw.cz>
Tue, 16 Sep 2025 10:04:21 +0000 (12:04 +0200)
committerMaria Matejka <mq@ucw.cz>
Mon, 22 Sep 2025 10:48:37 +0000 (12:48 +0200)
commitac0c034ed5d215823d4facdc2508a0f218532c9b
tree56e45b8304fdb32bece588806db678586f6ff7aatree | snapshot
parent0b5a2599f1e6fd1a29bf6018f9f402242814bac9commit | diff
ROA Aggregator: Fix crash on multiwithdraw

Theoretically, multiple withdraw from the best feed should never happen
but apparently there is an opportunity. We are unable to reproduce that
but it's obvious that with the old code, if the last ROA to remove is at
the end of the list, an undefined memory is checked. If it accidentally
matches (which seems to be pretty rare), BIRD may call memcpy() with
a negative length and subsequently crash on segfault.

Reported-By: NIX-CZ
nest/rt-table.c diff | blob | blame | history
Mirror of https://gitlab.labs.nic.cz/labs/bird.git