summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBenoît Ganne <bganne@cisco.com>2021-01-05 17:47:59 +0100
committerAndrew Yourtchenko <ayourtch@gmail.com>2021-01-11 12:42:16 +0000
commit56177e64b620b93d3d935cd1f1663e2f7f1e5592 (patch)
tree6c274065b58f6d405a0135afd4729d12ff143a7d
parent68d7c546fa7e6c801031f2922c9be067d64e0f59 (diff)
acl: fix tag C-string overflow
tag is expected to be a null-terminated C-string Type: fix Change-Id: I633719068c37eac395cc30a6a314c00848e9cdca Signed-off-by: Benoît Ganne <bganne@cisco.com>
-rw-r--r--src/plugins/acl/acl.c19
1 files changed, 14 insertions, 5 deletions
diff --git a/src/plugins/acl/acl.c b/src/plugins/acl/acl.c
index 7cde5ce60ad..3fbfcf692ad 100644
--- a/src/plugins/acl/acl.c
+++ b/src/plugins/acl/acl.c
@@ -320,8 +320,13 @@ acl_add_list (u32 count, vl_api_acl_rule_t rules[],
acl_list_t *a;
acl_rule_t *r;
acl_rule_t *acl_new_rules = 0;
+ size_t tag_len;
int i;
+ tag_len = clib_strnlen ((const char *) tag, sizeof (a->tag));
+ if (tag_len == sizeof (a->tag))
+ return VNET_API_ERROR_INVALID_VALUE;
+
if (am->trace_acl > 255)
clib_warning ("API dbg: acl_add_list index %d tag %s", *acl_list_index,
tag);
@@ -399,7 +404,7 @@ acl_add_list (u32 count, vl_api_acl_rule_t rules[],
vec_free (a->rules);
}
a->rules = acl_new_rules;
- memcpy (a->tag, tag, sizeof (a->tag));
+ memcpy (a->tag, tag, tag_len + 1);
if (am->trace_acl > 255)
warning_acl_print_acl (am->vlib_main, am, *acl_list_index);
if (am->reclassify_sessions)
@@ -1548,9 +1553,14 @@ macip_acl_add_list (u32 count, vl_api_macip_acl_rule_t rules[],
macip_acl_list_t *a;
macip_acl_rule_t *r;
macip_acl_rule_t *acl_new_rules = 0;
+ size_t tag_len;
int i;
int rv = 0;
+ tag_len = clib_strnlen ((const char *) tag, sizeof (a->tag));
+ if (tag_len == sizeof (a->tag))
+ return VNET_API_ERROR_INVALID_VALUE;
+
if (*acl_list_index != ~0)
{
/* They supplied some number, let's see if this MACIP ACL exists */
@@ -1609,7 +1619,7 @@ macip_acl_add_list (u32 count, vl_api_macip_acl_rule_t rules[],
a->rules = acl_new_rules;
a->count = count;
- memcpy (a->tag, tag, sizeof (a->tag));
+ memcpy (a->tag, tag, tag_len + 1);
/* Create and populate the classifier tables */
macip_create_classify_tables (am, *acl_list_index);
@@ -1936,7 +1946,7 @@ send_acl_details (acl_main_t * am, vl_api_registration_t * reg,
mp->context = context;
mp->count = htonl (vec_len (acl_rules));
mp->acl_index = htonl (acl - am->acls);
- memcpy (mp->tag, acl->tag, sizeof (mp->tag));
+ snprintf ((char *) mp->tag, sizeof (mp->tag), "%s", acl->tag);
// clib_memcpy (mp->r, acl->rules, acl->count * sizeof(acl->rules[0]));
rules = mp->r;
for (i = 0; i < vec_len (acl_rules); i++)
@@ -2170,7 +2180,7 @@ send_macip_acl_details (acl_main_t * am, vl_api_registration_t * reg,
mp->context = context;
if (acl)
{
- memcpy (mp->tag, acl->tag, sizeof (mp->tag));
+ snprintf ((char *) mp->tag, sizeof (mp->tag), "%s", acl->tag);
mp->count = htonl (acl->count);
mp->acl_index = htonl (acl - am->macip_acls);
rules = mp->r;
@@ -2936,7 +2946,6 @@ acl_set_aclplugin_acl_fn (vlib_main_t * vm,
u32 acl_index = ~0;
if (!tag)
vec_add (tag, "cli", 4);
- vec_validate (tag, STRUCT_SIZE_OF (acl_list_t, tag) - 1);
rv = acl_add_list (vec_len (rules), rules, &acl_index, tag);