Fix buffer overrun in BgpPeer::SendUpdate/FlushUpdate
Since bgp::Send and bgp::StateMachine tasks can run concurrently, the
following sequence of events is possible:
1. SendUpdate is called a few times thus making the buffer close to full
2. State machine task runs and clears the session in the peer
3. SendUpdate is called again with a large message size
4. Causes FlushUpdate to be called as new message doesn't fit in buffer
5. FlushUpdate returns but does not clear buffer_len - this is the bug
6. SendUpdate appends the large message to buffer thus causing overrun
Reviewed: https://review.opencontrail.org/22656
Committed: http://github.org/Juniper/contrail-controller/commit/37498d0a58a6640a6f20530f9eeb87af45ea0dfd
Submitter: Zuul
Branch: R3.1
commit 37498d0a58a6640a6f20530f9eeb87af45ea0dfd
Author: Nischal Sheth <email address hidden>
Date: Fri Jul 29 09:32:26 2016 -0700
Fix buffer overrun in BgpPeer::SendUpdate/FlushUpdate
Since bgp::Send and bgp::StateMachine tasks can run concurrently, the
following sequence of events is possible:
1. SendUpdate is called a few times thus making the buffer close to full
2. State machine task runs and clears the session in the peer
3. SendUpdate is called again with a large message size
4. Causes FlushUpdate to be called as new message doesn't fit in buffer
5. FlushUpdate returns but does not clear buffer_len - this is the bug
6. SendUpdate appends the large message to buffer thus causing overrun
Change-Id: I3a3687a2a9989239c084e1005d9db0cf3398f713
Closes-Bug: 1607617
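
The six-step sequence from the commit message, replayed in a simplified single-threaded C++ model. This is an added example, not code from contrail-controller: `ToyPeer`, `ReplaySequence`, the buffer size and the message sizes are hypothetical. It assumes the fix is to reset `buffer_len` when `FlushUpdate` finds no session, and it adds a bounds check before the copy so the unfixed path reports the overrun instead of performing it.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>

// Simplified model of the race outcome; the concurrency itself is not modelled.
// All names and sizes are hypothetical, not taken from contrail-controller.
constexpr std::size_t kBufSize = 4096;

struct ToyPeer {
    bool session_up = true;      // stands in for the peer's session pointer
    bool reset_on_no_session;    // false reproduces the behaviour called the bug
    uint8_t buffer[kBufSize];
    std::size_t buffer_len = 0;

    explicit ToyPeer(bool fixed) : reset_on_no_session(fixed) {}

    void FlushUpdate() {
        if (!session_up) {
            // Step 5: returning here with buffer_len untouched is the bug.
            if (reset_on_no_session) buffer_len = 0;  // assumed fix: drop stale data
            return;
        }
        buffer_len = 0;  // session up: buffered data was handed to the session
    }

    // Returns false when the append would have written past the buffer.
    bool SendUpdate(const uint8_t *msg, std::size_t len) {
        if (buffer_len + len > kBufSize) FlushUpdate();  // step 4
        // Defensive re-check: do not assume the flush made room (step 6).
        if (len > kBufSize - buffer_len) return false;
        std::memcpy(buffer + buffer_len, msg, len);
        buffer_len += len;
        return true;
    }
};

// Replays steps 1-6; returns true if the large message was stored in bounds.
bool ReplaySequence(bool fixed) {
    static const uint8_t small_msg[1000] = {0}, large_msg[3000] = {0};
    ToyPeer peer(fixed);
    for (int i = 0; i < 4; ++i) peer.SendUpdate(small_msg, sizeof(small_msg));  // step 1
    peer.session_up = false;                                                    // step 2
    return peer.SendUpdate(large_msg, sizeof(large_msg));                       // steps 3-6
}

int main() { return (!ReplaySequence(false) && ReplaySequence(true)) ? 0 : 1; }
```

The bounds check in `SendUpdate` is the part worth keeping regardless of the flush fix: it turns any future path that leaves `buffer_len` stale into a rejected write rather than memory corruption.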