summaryrefslogtreecommitdiffstats
path: root/src/plugins/nat
diff options
context:
space:
mode:
authorAequitas <wang.junqi@zte.com.cn>2017-09-23 12:58:49 +0800
committerFlorin Coras <florin.coras@gmail.com>2017-09-26 05:22:28 +0000
commitfc4510bbdb85c5bd6ff4fc69996e78d568254091 (patch)
tree2f2ab2899bb9ab5136a8358fba77166d6ed36e05 /src/plugins/nat
parentf91fe3b060d58713d24e302abaf950556c26601e (diff)
Memory overwritten when using unformat %u (VPP-987)
Change-Id: I7d8f807fb502d61688aa1dee25fa4edcbeb32f41 Signed-off-by: Aequitas <wang.junqi@zte.com.cn>
Diffstat (limited to 'src/plugins/nat')
-rw-r--r--src/plugins/nat/nat.c14
-rw-r--r--src/plugins/nat/nat64_cli.c8
-rw-r--r--src/plugins/nat/nat_test.c16
3 files changed, 19 insertions, 19 deletions
diff --git a/src/plugins/nat/nat.c b/src/plugins/nat/nat.c
index 612085fc132..944162556d3 100644
--- a/src/plugins/nat/nat.c
+++ b/src/plugins/nat/nat.c
@@ -3151,7 +3151,7 @@ snat_det_close_session_out_fn (vlib_main_t *vm,
snat_main_t *sm = &snat_main;
unformat_input_t _line_input, *line_input = &_line_input;
ip4_address_t out_addr, ext_addr, in_addr;
- u16 out_port, ext_port;
+ u32 out_port, ext_port;
snat_det_map_t * dm;
snat_det_session_t * ses;
snat_det_out_key_t key;
@@ -3182,10 +3182,10 @@ snat_det_close_session_out_fn (vlib_main_t *vm,
vlib_cli_output (vm, "no match");
else
{
- snat_det_reverse(dm, &ext_addr, out_port, &in_addr);
+ snat_det_reverse(dm, &ext_addr, (u16)out_port, &in_addr);
key.ext_host_addr = out_addr;
- key.ext_host_port = ntohs(ext_port);
- key.out_port = ntohs(out_port);
+ key.ext_host_port = ntohs((u16)ext_port);
+ key.out_port = ntohs((u16)out_port);
ses = snat_det_get_ses_by_out(dm, &out_addr, key.as_u64);
if (!ses)
vlib_cli_output (vm, "no match");
@@ -3222,7 +3222,7 @@ snat_det_close_session_in_fn (vlib_main_t *vm,
snat_main_t *sm = &snat_main;
unformat_input_t _line_input, *line_input = &_line_input;
ip4_address_t in_addr, ext_addr;
- u16 in_port, ext_port;
+ u32 in_port, ext_port;
snat_det_map_t * dm;
snat_det_session_t * ses;
snat_det_out_key_t key;
@@ -3254,8 +3254,8 @@ snat_det_close_session_in_fn (vlib_main_t *vm,
else
{
key.ext_host_addr = ext_addr;
- key.ext_host_port = ntohs (ext_port);
- ses = snat_det_find_ses_by_in (dm, &in_addr, ntohs(in_port), key);
+ key.ext_host_port = ntohs ((u16)ext_port);
+ ses = snat_det_find_ses_by_in (dm, &in_addr, ntohs((u16)in_port), key);
if (!ses)
vlib_cli_output (vm, "no match");
else
diff --git a/src/plugins/nat/nat64_cli.c b/src/plugins/nat/nat64_cli.c
index 8890038700a..f3645bbbe0b 100644
--- a/src/plugins/nat/nat64_cli.c
+++ b/src/plugins/nat/nat64_cli.c
@@ -301,8 +301,8 @@ nat64_add_del_static_bib_command_fn (vlib_main_t *
u8 is_add = 1;
ip6_address_t in_addr;
ip4_address_t out_addr;
- u16 in_port = 0;
- u16 out_port = 0;
+ u32 in_port = 0;
+ u32 out_port = 0;
u32 vrf_id = 0, protocol;
snat_protocol_t proto = 0;
u8 p = 0;
@@ -362,8 +362,8 @@ nat64_add_del_static_bib_command_fn (vlib_main_t *
}
rv =
- nat64_add_del_static_bib_entry (&in_addr, &out_addr, in_port, out_port, p,
- vrf_id, is_add);
+ nat64_add_del_static_bib_entry (&in_addr, &out_addr, (u16) in_port,
+ (u16) out_port, p, vrf_id, is_add);
switch (rv)
{
diff --git a/src/plugins/nat/nat_test.c b/src/plugins/nat/nat_test.c
index b653b77e40c..e0b0494048b 100644
--- a/src/plugins/nat/nat_test.c
+++ b/src/plugins/nat/nat_test.c
@@ -846,7 +846,7 @@ static int api_snat_det_reverse (vat_main_t * vam)
unformat_input_t * i = vam->input;
vl_api_snat_det_reverse_t * mp;
ip4_address_t out_addr;
- u16 out_port;
+ u32 out_port;
int ret;
if (unformat (i, "%U %d", unformat_ip4_address, &out_addr, &out_port))
@@ -859,7 +859,7 @@ static int api_snat_det_reverse (vat_main_t * vam)
M(SNAT_DET_REVERSE, mp);
clib_memcpy(mp->out_addr, &out_addr, 4);
- mp->out_port = htons(out_port);
+ mp->out_port = htons((u16)out_port);
S(mp);
W(ret);
@@ -981,7 +981,7 @@ static int api_snat_det_close_session_out (vat_main_t * vam)
unformat_input_t * i = vam->input;
vl_api_snat_det_close_session_out_t * mp;
ip4_address_t out_addr, ext_addr;
- u16 out_port, ext_port;
+ u32 out_port, ext_port;
int ret;
if (unformat (i, "%U:%d %U:%d",
@@ -996,9 +996,9 @@ static int api_snat_det_close_session_out (vat_main_t * vam)
M(SNAT_DET_CLOSE_SESSION_OUT, mp);
clib_memcpy(mp->out_addr, &out_addr, 4);
- mp->out_port = ntohs(out_port);
+ mp->out_port = ntohs((u16)out_port);
clib_memcpy(mp->ext_addr, &ext_addr, 4);
- mp->ext_port = ntohs(ext_port);
+ mp->ext_port = ntohs((u16)ext_port);
S(mp);
W (ret);
@@ -1010,7 +1010,7 @@ static int api_snat_det_close_session_in (vat_main_t * vam)
unformat_input_t * i = vam->input;
vl_api_snat_det_close_session_in_t * mp;
ip4_address_t in_addr, ext_addr;
- u16 in_port, ext_port;
+ u32 in_port, ext_port;
int ret;
if (unformat (i, "%U:%d %U:%d",
@@ -1025,9 +1025,9 @@ static int api_snat_det_close_session_in (vat_main_t * vam)
M(SNAT_DET_CLOSE_SESSION_IN, mp);
clib_memcpy(mp->in_addr, &in_addr, 4);
- mp->in_port = ntohs(in_port);
+ mp->in_port = ntohs((u16)in_port);
clib_memcpy(mp->ext_addr, &ext_addr, 4);
- mp->ext_port = ntohs(ext_port);
+ mp->ext_port = ntohs((u16)ext_port);
S(mp);
W (ret);