CVSROOT:	/cvs
Module name:	src
Changes by:	clau...@cvs.openbsd.org	2023/06/01 03:47:35

Modified files:
	usr.sbin/bgpd  : kroute.c

Log message:
Check the F_NEXTHOP flag on the right kroute6 object.
On multipath routes the check ended up checking the wrong route for the
nexthop update. This resulted in a use-after-free in kroute_detach_nexthop().
This only affects IPv6; in the IPv4 code path the right object was already used.
Thanks to sthen@ for providing the debug information to track this down.
OK sthen@ tb@