From ad686c55c3fad13f39e44ee5732c38296caff782 Mon Sep 17 00:00:00 2001
From: Ondrej Zajicek
Date: Sun, 5 Jun 2022 04:03:43 +0200
Subject: [PATCH] Babel: Do not try to remove multicast seqno request objects from neighbour list
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The Babel seqno request code keeps track of which seqno requests are outstanding for a neighbour by putting them onto a per-neighbour list. When reusing a seqno request, it will try to remove this node, but if the seqno request in question was a multicast request with no neighbour attached this will result in a crash because it tries to remove a list node that wasn't added to any list. Fix this by making the list remove conditional. Also fix neighbor removal which were changing seqno requests to multicast ones instead of removing them.
Fixes: ebd5751cdeb4 ("Babel: Seqno requests are properly decoupled from neighbors when the underlying interface disappears").
Based on the patch from Toke Høiland-Jørgensen , bug reported by Stefan Haller , thanks.
---
 proto/babel/babel.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/proto/babel/babel.c b/proto/babel/babel.c
index 4a7d550f..71452a6f 100644
--- a/proto/babel/babel.c
+++ b/proto/babel/babel.c
@@ -312,7 +312,9 @@ babel_add_seqno_request(struct babel_proto *p, struct babel_entry *e,
 /* Found older */
 rem_node(NODE sr);
- rem_node(&sr->nbr_node);
+
+ if (sr->nbr)
+ rem_node(&sr->nbr_node);
 goto found;
 }
@@ -452,10 +454,7 @@ babel_flush_neighbor(struct babel_proto *p, struct babel_neighbor *nbr)
 struct babel_seqno_request *sr;
 WALK_LIST_FIRST2(sr, nbr_node, nbr->requests)
- {
- sr->nbr = NULL;
- rem_node(&sr->nbr_node);
- }
+ babel_remove_seqno_request(p, sr);
 nbr->ifa = NULL;
 rem_node(NODE nbr);
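Review bot: The new `if (sr->nbr)` guard in babel_add_seqno_request relies on an invariant that the code states nowhere: `nbr_node` is linked into a neighbour's list only while `sr->nbr` is non-NULL. A comment above the guard would keep later edits from reintroducing the unconditional unlink that caused the crash, for example `/* Multicast requests have no neighbour, so nbr_node is on no list */`. The reuse path continues at the `found` label outside this hunk, so whether `sr->nbr` is reassigned there before the node is linked again cannot be confirmed from the lines shown.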
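Review bot: The rewritten walk in babel_flush_neighbor terminates only if `babel_remove_seqno_request()` unlinks `sr->nbr_node` from `nbr->requests` on every call, and that helper's body is not part of this patch. WALK_LIST_FIRST2 presumably re-reads the list head on each pass, so a request left on the list would be visited again without end, which would stall the daemon as surely as the crash being fixed. Since the loop body is now a single unbraced call, a comment should record that dependency, for example `/* babel_remove_seqno_request() unlinks sr from nbr->requests, so the list shrinks each pass */`. The function body starts and ends outside the hunk.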