From bcb3ef5ab848eb648f05a840030df1f230976a70 Mon Sep 17 00:00:00 2001
From: Aaron Conole <aconole@redhat.com>
Date: Wed, 25 Aug 2021 10:37:22 -0400
Subject: [PATCH 4/8] 8021Qaz: check for rx block validity
There is a slim but possible race in the 8021Qaz processing when handling
TLVs during ifdown windows. To address this, check for the rx block
before dereferencing it.
closes https://github.com/intel/openlldp/issues/78
Signed-off-by: Aaron Conole <aconole@redhat.com>
---
lldp_8021qaz.c | 41 ++++++++++++++++++++++++++++-------------
1 file changed, 28 insertions(+), 13 deletions(-)
diff --git a/lldp_8021qaz.c b/lldp_8021qaz.c
index 045bd45..8bb2bc9 100644
--- a/lldp_8021qaz.c
+++ b/lldp_8021qaz.c
@@ -1563,48 +1563,63 @@ static bool unpack_ieee8021qaz_tlvs(struct port *port,
/* Process */
switch (tlv->info[OUI_SIZE]) {
case IEEE8021QAZ_ETSCFG_TLV:
- if (tlvs->rx->etscfg == NULL) {
+ if (tlvs->rx && tlvs->rx->etscfg == NULL) {
tlvs->ieee8021qazdu |= RCVD_IEEE8021QAZ_TLV_ETSCFG;
tlvs->rx->etscfg = tlv;
- } else {
+ } else if (tlvs->rx) {
LLDPAD_WARN("%s: %s: 802.1Qaz Duplicate ETSCFG TLV\n",
__func__, port->ifname);
agent->rx.dupTlvs |= DUP_IEEE8021QAZ_TLV_ETSCFG;
return false;
+ } else {
+ LLDPAD_INFO("%s: %s: 802.1Qaz port IFDOWN\n",
+ __func__, port->ifname);
+ return false;
}
break;
case IEEE8021QAZ_ETSREC_TLV:
- if (tlvs->rx->etsrec == NULL) {
+ if (tlvs->rx && tlvs->rx->etsrec == NULL) {
tlvs->ieee8021qazdu |= RCVD_IEEE8021QAZ_TLV_ETSREC;
tlvs->rx->etsrec = tlv;
- } else {
+ } else if (tlvs->rx) {
LLDPAD_WARN("%s: %s: 802.1Qaz Duplicate ETSREC TLV\n",
__func__, port->ifname);
agent->rx.dupTlvs |= DUP_IEEE8021QAZ_TLV_ETSREC;
return false;
+ } else {
+ LLDPAD_INFO("%s: %s: 802.1Qaz port IFDOWN\n",
+ __func__, port->ifname);
+ return false;
}
break;
-
case IEEE8021QAZ_PFC_TLV:
- if (tlvs->rx->pfc == NULL) {
+ if (tlvs->rx && tlvs->rx->pfc == NULL) {
tlvs->ieee8021qazdu |= RCVD_IEEE8021QAZ_TLV_PFC;
tlvs->rx->pfc = tlv;
- } else {
+ } else if (tlvs->rx) {
LLDPAD_WARN("%s: %s: 802.1Qaz Duplicate PFC TLV\n",
__func__, port->ifname);
agent->rx.dupTlvs |= DUP_IEEE8021QAZ_TLV_PFC;
return false;
+ } else {
+ LLDPAD_INFO("%s: %s: 802.1Qaz port IFDOWN\n",
+ __func__, port->ifname);
+ return false;
}
break;
case IEEE8021QAZ_APP_TLV:
- if (tlvs->rx->app == NULL) {
+ if (tlvs->rx && tlvs->rx->app == NULL) {
tlvs->ieee8021qazdu |= RCVD_IEEE8021QAZ_TLV_APP;
tlvs->rx->app = tlv;
- } else {
+ } else if (tlvs->rx) {
LLDPAD_WARN("%s: %s: 802.1Qaz Duplicate APP TLV\n",
__func__, port->ifname);
agent->rx.dupTlvs |= DUP_IEEE8021QAZ_TLV_APP;
return false;
+ } else {
+ LLDPAD_INFO("%s: %s: 802.1Qaz port IFDOWN\n",
+ __func__, port->ifname);
+ return false;
}
break;
default:
@@ -1891,26 +1906,26 @@ static void ieee8021qaz_mibUpdateObjects(struct port *port)
tlvs = ieee8021qaz_data(port->ifname);
- if (tlvs->rx->etscfg) {
+ if (tlvs->rx && tlvs->rx->etscfg) {
process_ieee8021qaz_etscfg_tlv(port);
} else if (tlvs->ets->cfgr) {
free(tlvs->ets->cfgr);
tlvs->ets->cfgr = NULL;
}
- if (tlvs->rx->etsrec) {
+ if (tlvs->rx && tlvs->rx->etsrec) {
process_ieee8021qaz_etsrec_tlv(port);
} else if (tlvs->ets->recr) {
free(tlvs->ets->recr);
tlvs->ets->recr = NULL;
}
- if (tlvs->rx->pfc)
+ if (tlvs->rx && tlvs->rx->pfc)
process_ieee8021qaz_pfc_tlv(port);
else if (tlvs->pfc)
tlvs->pfc->remote_param = false;
- if (tlvs->rx->app)
+ if (tlvs->rx && tlvs->rx->app)
process_ieee8021qaz_app_tlv(port);
else
ieee8021qaz_app_reset(&tlvs->app_head);
--
2.31.1