On Wed, Jun 15, 2022 at 04:34:41PM +0200, Claudio Jeker wrote:
> Found by accident. If the pfkey message failed (sadb_msg_errno is set)
> then the pfkey code ends in an infinite loop because the erroneous message
> is not removed from the queue.
> 
> pfkey_read() PEEKS at the message and returns 0 since it is what we
> expect. pfkey_reply() realizes it is an error and returns -1 but the
> message is still in the buffer. Once we hit the poll loop the fd
> immediately triggers since the message is still in the buffer and we call
> pfkey_read() which peeks at the message and returns 0 ...
> 
> Fix is simple, need to flush the message out in the error case.

ok

> -- 
> :wq Claudio
> 
> Index: pfkey.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/bgpd/pfkey.c,v
> retrieving revision 1.63
> diff -u -p -r1.63 pfkey.c
> --- pfkey.c   15 Jun 2022 14:09:30 -0000      1.63
> +++ pfkey.c   15 Jun 2022 14:23:39 -0000
> @@ -469,6 +469,9 @@ pfkey_reply(int sd, uint32_t *spi)
>                       return (0);
>               else {
>                       log_warn("pfkey");
> +                     /* discard error message */
> +                     if (read(sd, &hdr, sizeof(hdr)) == -1)
> +                             log_warn("pfkey read");
>                       return (-1);
>               }
>       }
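Review bot: the added read() in the error branch is checked only for -1, so a return of 0 (socket closed) or a short read is accepted silently; consider treating `== -1` as `<= 0`, or at least logging the non-error case too. It would also help to extend the `/* discard error message */` comment to say why reading only `sizeof(hdr)` bytes is enough to drain a message that is longer than its header, since a reader of this branch will otherwise wonder whether the remainder of the reply stays queued and re-triggers the poll loop described in the mail.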
> 
