ospfd: Fix bug in 94266fa822ba, nbr_self rebuild didn't add valid nbr_self

* 94266fa822ba "ospfd: Self nbrs needs to be rebuilt when router ID changes."
  deleted the nbr_self, and added it back, but ospf_nbr_add_self doesn't
  actually create the nbr_self - it assumes it's already there. Leading
  to use after free and crashes after a router-id change.
* ospfd/ospf_neighbor.{c,h}: (ospf_nbr_self_reset) Little helper to reset the
  nbr_self correctly.
* ospf_interface.c: (ospf_if_cleanup) moved code to ospf_nbr_self_reset
* ospfd.c: (ospf_router_id_update) Use ospf_nbr_self_reset instead of doing
  the reset badly, fixing 94266fa822ba.

(cherry picked from commit c920e510d09c6c4ab63a3da5375009442a950f82)

diff --git a/ospfd/ospf_interface.c b/ospfd/ospf_interface.c
index 628091963edfed7a779166411a67c9b965e2f44f..5b6be1c8dce1546c5e38e7dc2e60bdf9b8547263 100644 (file)
--- a/ospfd/ospf_interface.c
+++ b/ospfd/ospf_interface.c
@@ -297,9 +297,7 @@ ospf_if_cleanup (struct ospf_interface *oi)
   ospf_ls_upd_queue_empty (oi);
   
   /* Reset pseudo neighbor. */
-  ospf_nbr_delete (oi->nbr_self);
-  oi->nbr_self = ospf_nbr_new (oi);
-  ospf_nbr_add_self (oi);
+  ospf_nbr_self_reset (oi);
 }
 
 void

diff --git a/ospfd/ospf_neighbor.c b/ospfd/ospf_neighbor.c
index afc74d2b00d4a85bc28174cb471dc44c7ec2a56f..83f91ad5399849ec7da02b2c10caade260f12e07 100644 (file)
--- a/ospfd/ospf_neighbor.c
+++ b/ospfd/ospf_neighbor.c
@@ -206,6 +206,15 @@ ospf_nbr_bidirectional (struct in_addr *router_id,
   return 0;
 }
 
+/* reset nbr_self */
+void
+ospf_nbr_self_reset (struct ospf_interface *oi)
+{
+  ospf_nbr_delete (oi->nbr_self);
+  oi->nbr_self = ospf_nbr_new (oi);
+  ospf_nbr_add_self (oi);
+}
+
 /* Add self to nbr list. */
 void
 ospf_nbr_add_self (struct ospf_interface *oi)

diff --git a/ospfd/ospf_neighbor.h b/ospfd/ospf_neighbor.h
index 7118dd0210affd94d8e3ade693cee598490ecee7..81e212b573b0a4bf458449e888bb6302d8313fd2 100644 (file)
--- a/ospfd/ospf_neighbor.h
+++ b/ospfd/ospf_neighbor.h
@@ -102,6 +102,7 @@ extern struct ospf_neighbor *ospf_nbr_new (struct ospf_interface *);
 extern void ospf_nbr_free (struct ospf_neighbor *);
 extern void ospf_nbr_delete (struct ospf_neighbor *);
 extern int ospf_nbr_bidirectional (struct in_addr *, struct in_addr *, int);
+extern void ospf_nbr_self_reset (struct ospf_interface *);
 extern void ospf_nbr_add_self (struct ospf_interface *);
 extern int ospf_nbr_count (struct ospf_interface *, int);
 #ifdef HAVE_OPAQUE_LSA

diff --git a/ospfd/ospfd.c b/ospfd/ospfd.c
index 7af6ddc379d4f8894ea4e81c80d6d48d7618a6c4..050cbad19611cf51161850e93393d1140ebf890e 100644 (file)
--- a/ospfd/ospfd.c
+++ b/ospfd/ospfd.c
@@ -124,8 +124,7 @@ ospf_router_id_update (struct ospf *ospf)
           * oi->nbr_self->router_id = router_id for
           * !(virtual | ptop) links
           */
-         ospf_nbr_delete(oi->nbr_self);
-         ospf_nbr_add_self(oi);
+         ospf_nbr_self_reset (oi);
        }
 
       /* If AS-external-LSA is queued, then flush those LSAs. */