From 9d716cdc3bab6f2772136afa276e2208278b14cf Mon Sep 17 00:00:00 2001
From: Dave Barach <dave@barachs.net>
Date: Sat, 23 Jul 2016 19:25:37 -0400
Subject: VPP-108: fix buffer overrun

Probably not seen (yet) in practice due to the message ring allocation
scheme.

Change-Id: I7f01b5c09e0a172ad43ec3b8416e2791cada6122
Signed-off-by: Dave Barach <dave@barachs.net>
---
 vpp/vpp-api/api.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/vpp/vpp-api/api.c b/vpp/vpp-api/api.c
index b47dc9e8..feb1a61a 100644
--- a/vpp/vpp-api/api.c
+++ b/vpp/vpp-api/api.c
@@ -6953,7 +6953,7 @@ static void vl_api_classify_table_ids_t_handler (vl_api_classify_table_ids_t *mp
     count = vec_len(table_ids);
 
     vl_api_classify_table_ids_reply_t *rmp;
-    rmp = vl_msg_api_alloc_as_if_client(sizeof (*rmp) + count);
+    rmp = vl_msg_api_alloc_as_if_client(sizeof (*rmp) + count * sizeof(u32));
     rmp->_vl_msg_id = ntohs (VL_API_CLASSIFY_TABLE_IDS_REPLY);
     rmp->context = mp->context;
     rmp->count = ntohl(count);
-- 
cgit 1.2.3-korg