From: Maria Matejka <mq@ucw.cz>
Date: Mon, 23 Dec 2024 16:05:09 +0000 (+0100)
Subject: OSPF: fix stack overflow with too many routes
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fheads%2Fmq-2.16-ospf-stack-overflow;p=thirdparty%2Fbird.git

OSPF: fix stack overflow with too many routes

We should not use alloca() in a loop.

This bug happened around 100k routes in OSPF, which
supposedly nobody runs in production.
---

diff --git a/proto/ospf/rt.c b/proto/ospf/rt.c
index d7753ce0a..6e1544ba5 100644
--- a/proto/ospf/rt.c
+++ b/proto/ospf/rt.c
@@ -2068,9 +2068,14 @@ again1:
 	.pref = p->p.main_channel->preference,
       };
 
+      struct {
+	ea_list l;
+	eattr a[4];
+      } eal;
+
       if (reload || ort_changed(nf, &a0))
       {
-	a0.eattrs = alloca(sizeof(ea_list) + 4 * sizeof(eattr));
+	a0.eattrs = &eal.l;
 	memset(a0.eattrs, 0, sizeof(ea_list));
 
 	nf->old_metric1 = nf->n.metric1;