Browse Source

Revert "lib: call filter delete hook before freeing access list"

This reverts commit 6a2e0f36b103386e57dbe3a6ee4716e809111198.

This introduces bugs, as callers are using the same hook for add/delete.
Using a pattern of looking up the access-list by name, and updating their
internal references by its result.  With the access-list still active when
the delete hook is called, this swaps a NULL deref in one hook for
use-after-frees in many other places.

See https://bugzilla.quagga.net/show_bug.cgi?id=945
Paul Jakma 1 year ago
parent
commit
6c1ea42482
1 changed files with 6 additions and 6 deletions
  1. 6 6
      lib/filter.c

+ 6 - 6
lib/filter.c

@@ -1337,13 +1337,13 @@ DEFUN (no_access_list_all,
 
   master = access->master;
 
+  /* Delete all filter from access-list. */
+  access_list_delete (access);
+
   /* Run hook function. */
   if (master->delete_hook)
     (*master->delete_hook) (access);
  
-  /* Delete all filter from access-list. */
-  access_list_delete (access);
-
   return CMD_SUCCESS;
 }
 
@@ -1508,13 +1508,13 @@ DEFUN (no_ipv6_access_list_all,
 
   master = access->master;
 
+  /* Delete all filter from access-list. */
+  access_list_delete (access);
+
   /* Run hook function. */
   if (master->delete_hook)
     (*master->delete_hook) (access);
 
-  /* Delete all filter from access-list. */
-  access_list_delete (access);
-
   return CMD_SUCCESS;
 }