ospfd: fix lsa_refresh_walker unlock before use bug
* ospf_lsa.c: (ospf_lsa_refresh_walker) fix an "unlock before use" bug
(various) add asserts for lsa refcounting.
diff --git a/ospfd/ospf_lsa.c b/ospfd/ospf_lsa.c
index e708d5e..dbf0f41 100644
--- a/ospfd/ospf_lsa.c
+++ b/ospfd/ospf_lsa.c
@@ -3608,6 +3608,7 @@
{
struct external_info *ei;
assert (CHECK_FLAG (lsa->flags, OSPF_LSA_SELF));
+ assert (lsa->lock > 0);
switch (lsa->data->type)
{
@@ -3650,6 +3651,7 @@
{
u_int16_t index, current_index;
+ assert (lsa->lock > 0);
assert (CHECK_FLAG (lsa->flags, OSPF_LSA_SELF));
if (lsa->refresh_list < 0)
@@ -3692,6 +3694,7 @@
void
ospf_refresher_unregister_lsa (struct ospf *ospf, struct ospf_lsa *lsa)
{
+ assert (lsa->lock > 0);
assert (CHECK_FLAG (lsa->flags, OSPF_LSA_SELF));
if (lsa->refresh_list >= 0)
{
@@ -3744,6 +3747,8 @@
refresh_list = ospf->lsa_refresh_queue.qs [i];
+ assert (i >= 0);
+
ospf->lsa_refresh_queue.qs [i] = NULL;
if (refresh_list)
@@ -3755,8 +3760,8 @@
"refresh lsa %p (slot %d)",
inet_ntoa (lsa->data->id), lsa, i);
+ assert (lsa->lock > 0);
list_delete_node (refresh_list, node);
- ospf_lsa_unlock (&lsa); /* lsa_refresh_queue */
lsa->refresh_list = -1;
listnode_add (lsa_to_refresh, lsa);
}
@@ -3769,7 +3774,11 @@
ospf->lsa_refresher_started = quagga_time (NULL);
for (ALL_LIST_ELEMENTS (lsa_to_refresh, node, nnode, lsa))
- ospf_lsa_refresh (ospf, lsa);
+ {
+ ospf_lsa_refresh (ospf, lsa);
+ assert (lsa->lock > 0);
+ ospf_lsa_unlock (&lsa); /* lsa_refresh_queue & temp for lsa_to_refresh*/
+ }
list_delete (lsa_to_refresh);