From ac7341a18146bf0f0b2c60477c4292a9cd428a87 Mon Sep 17 00:00:00 2001 From: Ondrej Zajicek Date: Fri, 19 May 2023 01:02:57 +0200 Subject: [PATCH 1/3] BGP: Fix role check when no capability option is present When an OPEN message without capability options was parsed, the remote role field was not initialized with the proper (non-zero) default value, so it was interpreted as if 'provider' was announced. Thanks to Mikhail Grishin for the bugreport. --- proto/bgp/packets.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/proto/bgp/packets.c b/proto/bgp/packets.c index b9537169..6e6e41ca 100644 --- a/proto/bgp/packets.c +++ b/proto/bgp/packets.c @@ -215,6 +215,13 @@ bgp_af_caps_cmp(const void *X, const void *Y) return (x->afi < y->afi) ? -1 : (x->afi > y->afi) ? 1 : 0; } +struct bgp_caps * +bgp_alloc_capabilities(struct bgp_proto *p, int n) +{ + struct bgp_caps *caps = mb_allocz(p->p.pool, sizeof(struct bgp_caps) + n * sizeof(struct bgp_af_caps)); + caps->role = BGP_ROLE_UNDEFINED; + return caps; +} void bgp_prepare_capabilities(struct bgp_conn *conn) @@ -227,13 +234,13 @@ bgp_prepare_capabilities(struct bgp_conn *conn) if (!p->cf->capabilities) { /* Just prepare empty local_caps */ - conn->local_caps = mb_allocz(p->p.pool, sizeof(struct bgp_caps)); + conn->local_caps = bgp_alloc_capabilities(p, 0); return; } /* Prepare bgp_caps structure */ int n = list_length(&p->p.channels); - caps = mb_allocz(p->p.pool, sizeof(struct bgp_caps) + n * sizeof(struct bgp_af_caps)); + caps = bgp_alloc_capabilities(p, n); conn->local_caps = caps; caps->as4_support = p->cf->enable_as4; @@ -464,10 +471,7 @@ bgp_read_capabilities(struct bgp_conn *conn, byte *pos, int len) u32 af; if (!conn->remote_caps) - { - caps = mb_allocz(p->p.pool, sizeof(struct bgp_caps) + sizeof(struct bgp_af_caps)); - caps->role = BGP_ROLE_UNDEFINED; - } + caps = bgp_alloc_capabilities(p, 1); else { caps = conn->remote_caps; @@ -763,7 +767,7 @@ bgp_read_options(struct bgp_conn *conn, byte *pos, uint len, uint rest) /* Prepare empty caps if no capability option was announced */ if (!conn->remote_caps) - conn->remote_caps = mb_allocz(p->p.pool, sizeof(struct bgp_caps)); + conn->remote_caps = bgp_alloc_capabilities(p, 0); return 0; From 1499a335f6f44a0fd85365e404c2a11842d7f75c Mon Sep 17 00:00:00 2001 From: Maria Matejka Date: Thu, 22 Jun 2023 16:07:28 +0200 Subject: [PATCH 2/3] Filter: Fixed segfault when a case option had an empty block Thanks to Kobayashi_Bairuo for reporting. --- filter/decl.m4 | 6 ++---- filter/f-inst.c | 1 - filter/test.conf | 25 ++++++++++++++++++++++++- 3 files changed, 26 insertions(+), 6 deletions(-) diff --git a/filter/decl.m4 b/filter/decl.m4 index 5b35b672..7c863bdc 100644 --- a/filter/decl.m4 +++ b/filter/decl.m4 @@ -200,7 +200,7 @@ FID_INTERPRET_BODY()') # Executing another filter line. This replaces the recursion # that was needed in the former implementation. m4_define(LINEX, `FID_INTERPRET_EXEC()LINEX_($1)FID_INTERPRET_NEW()return $1 FID_INTERPRET_BODY()') -m4_define(LINEX_, `do { +m4_define(LINEX_, `do if ($1) { fstk->estk[fstk->ecnt].pos = 0; fstk->estk[fstk->ecnt].line = $1; fstk->estk[fstk->ecnt].ventry = fstk->vcnt; @@ -227,9 +227,7 @@ if (!f_same(f1->fl$1, f2->fl$1)) return 0; FID_ITERATE_BODY()m4_dnl if (whati->fl$1) BUFFER_PUSH(fit->lines) = whati->fl$1; FID_INTERPRET_EXEC()m4_dnl -do { if (whati->fl$1) { - LINEX_(whati->fl$1); -} } while(0) +LINEX_(whati->fl$1) FID_INTERPRET_NEW()m4_dnl return whati->f$1 FID_INTERPRET_BODY()') diff --git a/filter/f-inst.c b/filter/f-inst.c index e4b47ff4..33436853 100644 --- a/filter/f-inst.c +++ b/filter/f-inst.c @@ -1327,7 +1327,6 @@ FID_HIC(,break,return NULL); } } - /* It is actually possible to have t->data NULL */ LINEX(t->data); } diff --git a/filter/test.conf b/filter/test.conf index 600c551e..e9e3af89 100644 --- a/filter/test.conf +++ b/filter/test.conf @@ -38,6 +38,18 @@ bt_test_same(onef, onef, 1); bt_test_same(onef, oneg, 1); bt_test_same(onef, twof, 0); +/* + * Testing filter corner cases + * --------------------------- + */ + +function t_nothing() {} +bt_test_suite(t_nothing, "Testing nothing"); + +function t_metanothing() { t_nothing(); } +bt_test_suite(t_metanothing, "Testing meta nothing"); + + /* * Testing boolean expressions * --------------------------- @@ -76,6 +88,14 @@ bt_test_suite(t_bool, "Testing boolean expressions"); * ---------------- */ +function aux_t_int(int t; int u) +{ + case t { + 1: {} + else: {} + } +} + define four = 4; define xyzzy = (120+10); define '1a-a1' = (xyzzy-100); @@ -120,7 +140,10 @@ function t_int() else: bt_assert(false); } - + aux_t_int(1, 2); + aux_t_int(1, 3); + aux_t_int(2, 3); + aux_t_int(2, 2); } bt_test_suite(t_int, "Testing integers"); From 52bae235b716a3c8d629ddf1306178568c69833f Mon Sep 17 00:00:00 2001 From: Maria Matejka Date: Thu, 22 Jun 2023 16:14:12 +0200 Subject: [PATCH 3/3] NEWS and version update --- NEWS | 6 ++++++ misc/bird.spec | 2 +- sysdep/config.h | 2 +- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index 070f8d2f..30f3b932 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,9 @@ +Version 2.13.1 (2023-06-23) + o BGP: Fix role check when no capability option is present + o Filter: Fixed segfault when a case option had an empty block + + This is a bugfix version. + Version 2.13 (2023-04-21) o Babel: IPv4 via IPv6 extension (RFC 9229) o Babel: Improve authentication on lossy networks diff --git a/misc/bird.spec b/misc/bird.spec index af534c64..2fa6c2bf 100644 --- a/misc/bird.spec +++ b/misc/bird.spec @@ -1,6 +1,6 @@ Summary: BIRD Internet Routing Daemon Name: bird -Version: 2.13 +Version: 2.13.1 Release: 1 Copyright: GPL Group: Networking/Daemons diff --git a/sysdep/config.h b/sysdep/config.h index 80b8d671..cf5787d0 100644 --- a/sysdep/config.h +++ b/sysdep/config.h @@ -13,7 +13,7 @@ #ifdef GIT_LABEL #define BIRD_VERSION XSTR1(GIT_LABEL) #else -#define BIRD_VERSION "2.13" +#define BIRD_VERSION "2.13.1" #endif /* Include parameters determined by configure script */