aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet
diff options
context:
space:
mode:
authorBenoît Ganne <bganne@cisco.com>2021-10-12 10:14:30 +0200
committerBeno�t Ganne <bganne@cisco.com>2022-09-05 09:29:35 +0000
commitedb0d4563c2e808a1c7d9101b2c05087ffb3b279 (patch)
treea981d8e444a6fb43008676eaabe0781149da0b05 /src/vnet
parent934f9b095f2541888eff9c717f2d3e7f793456e0 (diff)
ip: fix punt socket overflow
client_pathname is usually smaller than pc->caddr.sun_path. snprint() ensures we stop at the NULL character or sizeof(sun_path) whichever comes 1st. It also guarantees NULL character termination. Type: fix Change-Id: I9fc2a706beab931d50d32d03f7fafca7c6c2fb0b Signed-off-by: Benoît Ganne <bganne@cisco.com>
Diffstat (limited to 'src/vnet')
-rw-r--r--src/vnet/ip/punt.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/src/vnet/ip/punt.c b/src/vnet/ip/punt.c
index eb191da1394..10deb2e8849 100644
--- a/src/vnet/ip/punt.c
+++ b/src/vnet/ip/punt.c
@@ -165,7 +165,8 @@ punt_socket_register_l4 (vlib_main_t * vm,
punt_client_l4_db_add (af, port, c - pm->punt_client_pool);
}
- memcpy (c->caddr.sun_path, client_pathname, sizeof (c->caddr.sun_path));
+ snprintf (c->caddr.sun_path, sizeof (c->caddr.sun_path), "%s",
+ client_pathname);
c->caddr.sun_family = AF_UNIX;
c->reg.type = PUNT_TYPE_L4;
c->reg.punt.l4.port = port;
@@ -197,7 +198,8 @@ punt_socket_register_ip_proto (vlib_main_t * vm,
punt_client_ip_proto_db_add (af, proto, c - pm->punt_client_pool);
}
- memcpy (c->caddr.sun_path, client_pathname, sizeof (c->caddr.sun_path));
+ snprintf (c->caddr.sun_path, sizeof (c->caddr.sun_path), "%s",
+ client_pathname);
c->caddr.sun_family = AF_UNIX;
c->reg.type = PUNT_TYPE_IP_PROTO;
c->reg.punt.ip_proto.protocol = proto;
@@ -227,7 +229,8 @@ punt_socket_register_exception (vlib_main_t * vm,
punt_client_exception_db_add (reason, pc - pm->punt_client_pool);
}
- memcpy (pc->caddr.sun_path, client_pathname, sizeof (pc->caddr.sun_path));
+ snprintf (pc->caddr.sun_path, sizeof (pc->caddr.sun_path), "%s",
+ client_pathname);
pc->caddr.sun_family = AF_UNIX;
pc->reg.type = PUNT_TYPE_EXCEPTION;
pc->reg.punt.exception.reason = reason;