From d493d0f180e3df1f33d344d8b28cc1743201210b Mon Sep 17 00:00:00 2001
From: "Ondrej Zajicek (work)" <santiago@crfreenet.org>
Date: Tue, 2 Jan 2018 16:57:45 +0100
Subject: [PATCH] BGP: Fix unknown attribute handling

---
 nest/route.h        | 40 ++++++++++++++++++++++++++++++++++++++++
 proto/bgp/attrs.c   |  3 ++-
 proto/bgp/packets.c |  2 ++
 3 files changed, 44 insertions(+), 1 deletion(-)

diff --git a/nest/route.h b/nest/route.h
index 792f79dd..43d7d696 100644
--- a/nest/route.h
+++ b/nest/route.h
@@ -555,6 +555,46 @@ uint ea_hash(ea_list *e);	/* Calculate 16-bit hash value */
 ea_list *ea_append(ea_list *to, ea_list *what);
 void ea_format_bitfield(struct eattr *a, byte *buf, int bufsize, const char **names, int min, int max);
 
+static inline eattr *
+ea_set_attr(ea_list **to, struct linpool *pool, uint id, uint flags, uint type, uintptr_t val)
+{
+  ea_list *a = lp_alloc(pool, sizeof(ea_list) + sizeof(eattr));
+  eattr *e = &a->attrs[0];
+
+  a->flags = EALF_SORTED;
+  a->count = 1;
+  a->next = *to;
+  *to = a;
+
+  e->id = id;
+  e->type = type;
+  e->flags = flags;
+
+  if (type & EAF_EMBEDDED)
+    e->u.data = (u32) val;
+  else
+    e->u.ptr = (struct adata *) val;
+
+  return e;
+}
+
+static inline void
+ea_set_attr_u32(ea_list **to, struct linpool *pool, uint id, uint flags, uint type, u32 val)
+{ ea_set_attr(to, pool, id, flags, type, (uintptr_t) val); }
+
+static inline void
+ea_set_attr_ptr(ea_list **to, struct linpool *pool, uint id, uint flags, uint type, struct adata *val)
+{ ea_set_attr(to, pool, id, flags, type, (uintptr_t) val); }
+
+static inline void
+ea_set_attr_data(ea_list **to, struct linpool *pool, uint id, uint flags, uint type, void *data, uint len)
+{
+  struct adata *a = lp_alloc_adata(pool, len);
+  memcpy(a->data, data, len);
+  ea_set_attr(to, pool, id, flags, type, (uintptr_t) a);
+}
+
+
 #define NEXTHOP_MAX_SIZE (sizeof(struct nexthop) + sizeof(u32)*MPLS_MAX_LABEL_STACK)
 
 static inline size_t nexthop_size(const struct nexthop *nh)
diff --git a/proto/bgp/attrs.c b/proto/bgp/attrs.c
index fdc981ca..0f41f818 100644
--- a/proto/bgp/attrs.c
+++ b/proto/bgp/attrs.c
@@ -701,7 +701,8 @@ bgp_format_mpls_label_stack(eattr *a, byte *buf, uint size)
 static inline void
 bgp_decode_unknown(struct bgp_parse_state *s, uint code, uint flags, byte *data, uint len, ea_list **to)
 {
-  bgp_set_attr_data(to, s->pool, code, flags, data, len);
+  /* Cannot use bgp_set_attr_data() as it works on known attributes only */
+  ea_set_attr_data(to, s->pool, EA_CODE(EAP_BGP, code), flags, EAF_TYPE_OPAQUE, data, len);
 }
 
 
diff --git a/proto/bgp/packets.c b/proto/bgp/packets.c
index ca942880..95a974eb 100644
--- a/proto/bgp/packets.c
+++ b/proto/bgp/packets.c
@@ -2284,6 +2284,8 @@ bgp_rx_update(struct bgp_conn *conn, byte *pkt, uint len)
 
   if (s.attr_len)
     ea = bgp_decode_attrs(&s, s.attrs, s.attr_len);
+  else
+    ea = NULL;
 
   /* Check for End-of-RIB marker */
   if (!s.attr_len && !s.ip_unreach_len && !s.ip_reach_len)