From 6c654add371fb47f50b96a2a2e32566313ed74ab Mon Sep 17 00:00:00 2001 From: tinselcity Date: Thu, 2 Oct 2025 18:17:26 -0700 Subject: [PATCH] prevent use-after-free in local printing if dumping immediately after flushing interface. updating comment. flushing neighbours associated with flushed interface. flushing neighbours associated with flushed interface. --- interface.c | 13 +++++++++++++ neighbour.c | 2 +- neighbour.h | 1 + 3 files changed, 15 insertions(+), 1 deletion(-) diff --git a/interface.c b/interface.c index e8d4b1e3..efe08bea 100644 --- a/interface.c +++ b/interface.c @@ -101,6 +101,7 @@ int flush_interface(char *ifname) { struct interface *ifp, *prev; + struct neighbour *neigh; prev = NULL; ifp = interfaces; @@ -114,6 +115,18 @@ flush_interface(char *ifname) if(ifp == NULL) return 0; + /* flush any neighbours associated with interface */ + neigh = neighs; + while(neigh) { + if(neigh->ifp == ifp) { + struct neighbour *old = neigh; + neigh = neigh->next; + flush_neighbour(old); + continue; + } + neigh = neigh->next; + } + interface_updown(ifp, 0); if(prev) prev->next = ifp->next; diff --git a/neighbour.c b/neighbour.c index 8b785c76..82a79ef5 100644 --- a/neighbour.c +++ b/neighbour.c @@ -54,7 +54,7 @@ find_neighbour_nocreate(const unsigned char *address, struct interface *ifp) return NULL; } -static void +void flush_neighbour(struct neighbour *neigh) { flush_neighbour_routes(neigh); diff --git a/neighbour.h b/neighbour.h index e34065e5..a0f8495b 100644 --- a/neighbour.h +++ b/neighbour.h @@ -68,6 +68,7 @@ struct neighbour *find_neighbour(const unsigned char *address, int update_neighbour(struct neighbour *neigh, struct hello_history *hist, int unicast, int hello, int hello_interval); unsigned check_neighbours(void); +void flush_neighbour(struct neighbour *neigh); unsigned neighbour_txcost(struct neighbour *neigh); unsigned neighbour_rxcost(struct neighbour *neigh); unsigned neighbour_rttcost(struct neighbour *neigh);