When removing non-transitive extended communities from the attribute new
memory is allocated. This memory needs to be freed in all cases.
community_ext_delete_non_trans() will either return NULL (and nlen set to 0)
or malloc new memory. After writing that memory to the UDPATE buffer it
needs to be freed.
This will slowly leak memory when extended communities are sent to peers.
Found by accident :)
--
:wq Claudio
Index: rde_update.c
===================================================================
RCS file: /cvs/src/usr.sbin/bgpd/rde_update.c,v
retrieving revision 1.104
diff -u -p -r1.104 rde_update.c
--- rde_update.c 28 Nov 2018 08:32:27 -0000 1.104
+++ rde_update.c 29 Nov 2018 11:10:53 -0000
@@ -765,7 +765,7 @@ up_generate_attr(struct rde_peer *peer,
u_int16_t len = sizeof(up_attr_buf), wlen = 0, plen;
u_int8_t l;
u_int16_t nlen = 0;
- u_char *ndata = NULL;
+ u_char *ndata;
/* origin */
if ((r = attr_write(up_attr_buf + wlen, len, ATTR_WELL_KNOWN,
@@ -902,6 +902,7 @@ up_generate_attr(struct rde_peer *peer,
free(ndata);
return (-1);
}
+ free(ndata);
} else {
/* everything got removed */
r = 0;
