Comment 11 for bug 1607617

OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/22656
Committed: http://github.org/Juniper/contrail-controller/commit/37498d0a58a6640a6f20530f9eeb87af45ea0dfd
Submitter: Zuul
Branch: R3.1

commit 37498d0a58a6640a6f20530f9eeb87af45ea0dfd
Author: Nischal Sheth <email address hidden>
Date: Fri Jul 29 09:32:26 2016 -0700

Fix buffer overrun in BgpPeer::SendUpdate/FlushUpdate

Since bgp::Send and bgp::StateMachine tasks can run concurrently, the
following sequence of events is possible:

1. SendUpdate is called a few times thus making the buffer close to full
2. State machine task runs and clears the session in the peer
3. SendUpdate is called again with a large message size
4. Causes FlushUpdate to be called as new message doesn't fit in buffer
5. FlushUpdate returns but does not clear buffer_len - this is the bug
6. SendUpdate appends the large message to buffer thus causing overrun

Change-Id: I3a3687a2a9989239c084e1005d9db0cf3398f713
Closes-Bug: 1607617
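
The six-step sequence from the commit message, replayed in a single thread as an added example; this is a simplified model and not code from contrail-controller or from the commit. Only `SendUpdate`, `FlushUpdate` and `buffer_len` are names from the message; the class, the 4096-byte capacity, the message sizes and the form of the fix (resetting `buffer_len` when the session is gone) are assumptions.

```cpp
#include <cstddef>
#include <cstring>
#include <vector>

// Simplified single-threaded model, not contrail-controller code. Only
// SendUpdate, FlushUpdate and buffer_len come from the commit message.
class PeerModel {
public:
    static constexpr size_t kBufSize = 4096;  // assumed capacity
    explicit PeerModel(bool fixed) : fixed_(fixed) {}

    // Stands in for the bgp::StateMachine task clearing the session (step 2).
    void ClearSession() { session_up_ = false; }

    void SendUpdate(const std::vector<unsigned char> &msg) {
        if (buffer_len_ + msg.size() > kBufSize)
            FlushUpdate();  // step 4: message does not fit
        // Copying without this second check is the overrun of step 6; the
        // model records the condition instead of writing out of bounds.
        if (buffer_len_ + msg.size() > kBufSize) { overrun_ = true; return; }
        std::memcpy(buffer_ + buffer_len_, msg.data(), msg.size());
        buffer_len_ += msg.size();
    }

    void FlushUpdate() {
        if (!session_up_) {
            if (fixed_) buffer_len_ = 0;  // assumed fix: discard pending bytes
            return;                       // step 5: buggy path keeps buffer_len_
        }
        buffer_len_ = 0;  // a real peer would hand the buffer to the session first
    }

    bool overrun() const { return overrun_; }

private:
    bool fixed_;
    bool session_up_ = true;
    bool overrun_ = false;
    size_t buffer_len_ = 0;
    unsigned char buffer_[kBufSize];
};

// Replays steps 1-6 in order; returns true if the append would overrun.
bool ReplaySequence(bool fixed) {
    PeerModel peer(fixed);
    const std::vector<unsigned char> small_msg(1000), large_msg(3000);
    for (int i = 0; i < 4; ++i) peer.SendUpdate(small_msg);  // step 1: 4000/4096
    peer.ClearSession();                                      // step 2
    peer.SendUpdate(large_msg);                               // steps 3-6
    return peer.overrun();
}
```

`ReplaySequence(false)` reports the overrun condition and `ReplaySequence(true)` does not, because the stale length is reset on the no-session return path before the large message is appended.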