diff options
| author |   Benoît Ganne <bganne@cisco.com> | 2021-10-12 10:14:30 +0200 |
|---|---|---|
| committer | Beno�t Ganne <bganne@cisco.com> | 2022-09-05 09:29:35 +0000 |
| commit | edb0d4563c2e808a1c7d9101b2c05087ffb3b279 (patch) | |
| tree | a981d8e444a6fb43008676eaabe0781149da0b05 /src/vnet/ip | |
| parent | 934f9b095f2541888eff9c717f2d3e7f793456e0 (diff) | |
ip: fix punt socket overflow
client_pathname is usually smaller than pc->caddr.sun_path. snprint()
ensures we stop at the NULL character or sizeof(sun_path) whichever
comes 1st. It also guarantees NULL character termination.
Type: fix
Change-Id: I9fc2a706beab931d50d32d03f7fafca7c6c2fb0b
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Diffstat (limited to 'src/vnet/ip')
| -rw-r--r-- | src/vnet/ip/punt.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/src/vnet/ip/punt.c b/src/vnet/ip/punt.c index eb191da1394..10deb2e8849 100644 --- a/src/vnet/ip/punt.c +++ b/src/vnet/ip/punt.c @@ -165,7 +165,8 @@ punt_socket_register_l4 (vlib_main_t * vm, punt_client_l4_db_add (af, port, c - pm->punt_client_pool); } - memcpy (c->caddr.sun_path, client_pathname, sizeof (c->caddr.sun_path)); + snprintf (c->caddr.sun_path, sizeof (c->caddr.sun_path), "%s", + client_pathname); c->caddr.sun_family = AF_UNIX; c->reg.type = PUNT_TYPE_L4; c->reg.punt.l4.port = port; @@ -197,7 +198,8 @@ punt_socket_register_ip_proto (vlib_main_t * vm, punt_client_ip_proto_db_add (af, proto, c - pm->punt_client_pool); } - memcpy (c->caddr.sun_path, client_pathname, sizeof (c->caddr.sun_path)); + snprintf (c->caddr.sun_path, sizeof (c->caddr.sun_path), "%s", + client_pathname); c->caddr.sun_family = AF_UNIX; c->reg.type = PUNT_TYPE_IP_PROTO; c->reg.punt.ip_proto.protocol = proto; @@ -227,7 +229,8 @@ punt_socket_register_exception (vlib_main_t * vm, punt_client_exception_db_add (reason, pc - pm->punt_client_pool); } - memcpy (pc->caddr.sun_path, client_pathname, sizeof (pc->caddr.sun_path)); + snprintf (pc->caddr.sun_path, sizeof (pc->caddr.sun_path), "%s", + client_pathname); pc->caddr.sun_family = AF_UNIX; pc->reg.type = PUNT_TYPE_EXCEPTION; pc->reg.punt.exception.reason = reason; |