From 17da427c794032bef0feecf9abdc21d4f78fe4eb Mon Sep 17 00:00:00 2001 From: Maria Matejka Date: Wed, 21 May 2025 13:53:35 +0200 Subject: [PATCH] ASPA: fix aspa_check_upstream and aspa_check_downstream parse crash Due to internal differences between BIRD 2 and 3, there is FI_CURRENT_ROUTE in BIRD 3 and `val.rte == NULL` is not supported as a shortcut for fetching the route object. When merging, we forgot to fix this difference in the BGP config parser, thus the constant folder failed to recognize that this is not a constant expression, leading to accidentally dereference the NULL route pointer in config parse time. This fixes #247. --- proto/bgp/config.Y | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/proto/bgp/config.Y b/proto/bgp/config.Y index aafd44ff7..daca00c4f 100644 --- a/proto/bgp/config.Y +++ b/proto/bgp/config.Y @@ -389,7 +389,7 @@ CF_CLI(RELOAD BGP OUT, proto_patt, [], [[Refresh routes to neighbor]]) term: ASPA_CHECK_DOWNSTREAM '(' rtable ')' { $$ = f_new_inst(FI_ASPA_CHECK_EXPLICIT, f_new_inst(FI_EA_GET, - f_new_inst(FI_CONSTANT, (struct f_val) { .type = T_ROUTE, .val.rte = NULL, }), + f_new_inst(FI_CURRENT_ROUTE), ea_class_find_by_name("bgp_path") ), f_new_inst(FI_CONSTANT, (struct f_val) { .type = T_BOOL, .val.i = 0, }), @@ -400,7 +400,7 @@ term: ASPA_CHECK_DOWNSTREAM '(' rtable ')' { $$ = term: ASPA_CHECK_UPSTREAM '(' rtable ')' { $$ = f_new_inst(FI_ASPA_CHECK_EXPLICIT, f_new_inst(FI_EA_GET, - f_new_inst(FI_CONSTANT, (struct f_val) { .type = T_ROUTE, .val.rte = NULL, }), + f_new_inst(FI_CURRENT_ROUTE), ea_class_find_by_name("bgp_path") ), f_new_inst(FI_CONSTANT, (struct f_val) { .type = T_BOOL, .val.i = 1, }), -- 2.47.2