bgpd: When creating extra from stack ensure it is zero'ed out

donaldsharp · donaldsharp · commit 8d6393ce8fc0 · 2019-10-15T13:18:13.000-04:00
BGP code assumes that the extra data is zero'ed out.  Ensure that we
are not leaving any situation that the data on the stack is actually all
0's when we pass it around as a pointer later.

Please note in issue #5025, Lou reported a different valgrind
issue, which is not the same issue:

==7313== Conditional jump or move depends on uninitialised value(s)
==7313== at 0x181F9F: subgroup_announce_check (bgp_route.c:1555)
==7313== by 0x1A112B: subgroup_announce_table (bgp_updgrp_adv.c:641)
==7313== by 0x1A1340: subgroup_announce_route (bgp_updgrp_adv.c:704)
==7313== by 0x1A13E3: subgroup_coalesce_timer (bgp_updgrp_adv.c:331)
==7313== by 0x4EBA615: thread_call (thread.c:1531)
==7313== by 0x4E8AC37: frr_run (libfrr.c:1052)
==7313== by 0x1429E0: main (bgp_main.c:486)
==7313==
==7313== Conditional jump or move depends on uninitialised value(s)
==7313== at 0x201C0E: rfapi_vty_out_vncinfo (rfapi_vty.c:429)
==7313== by 0x18D0D6: route_vty_out (bgp_route.c:7481)
==7313== by 0x18DD76: bgp_show_table (bgp_route.c:9365)
==7313== by 0x1930C4: bgp_show_table_rd (bgp_route.c:9471)
==7313== by 0x1932A3: bgp_show (bgp_route.c:9510)
==7313== by 0x193E68: show_ip_bgp_json (bgp_route.c:10284)
==7313== by 0x4E6D024: cmd_execute_command_real.isra.2 (command.c:1072)
==7313== by 0x4E6F51E: cmd_execute_command (command.c:1131)
==7313== by 0x4E6F686: cmd_execute (command.c:1285)
==7313== by 0x4EBF9C4: vty_command (vty.c:516)
==7313== by 0x4EBFB9F: vty_execute (vty.c:1285)
==7313== by 0x4EC250F: vtysh_read (vty.c:2119)
==7313==

that is causing the actual crash.

Signed-off-by: Donald Sharp &lt;sharpd@cumulusnetworks.com&gt;
diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c
@@ -1785,9 +1785,9 @@ int subgroup_announce_check(struct bgp_node *rn, struct bgp_path_info *pi,
 
 	/* Route map & unsuppress-map apply. */
 	if (ROUTE_MAP_OUT_NAME(filter) || (pi->extra && pi->extra->suppress)) {
-		struct bgp_path_info rmap_path;
-		struct bgp_path_info_extra dummy_rmap_path_extra;
-		struct attr dummy_attr;
+		struct bgp_path_info rmap_path = {0};
+		struct bgp_path_info_extra dummy_rmap_path_extra = {0};
+		struct attr dummy_attr = {0};
 
 		memset(&rmap_path, 0, sizeof(struct bgp_path_info));
 		rmap_path.peer = peer;
diff --git a/bgpd/rfapi/rfapi_import.c b/bgpd/rfapi/rfapi_import.c
@@ -2179,8 +2179,8 @@ static struct bgp_path_info *rfapiItBiIndexSearch(
 {
 	struct skiplist *sl;
 	int rc;
-	struct bgp_path_info bpi_fake;
-	struct bgp_path_info_extra bpi_extra;
+	struct bgp_path_info bpi_fake = {0};
+	struct bgp_path_info_extra bpi_extra = {0};
 	struct bgp_path_info *bpi_result;
 
 	sl = RFAPI_RDINDEX(rn);
