authorOle Troan <ot@cisco.com>2018-12-14 20:34:29 +0100
committerDave Barach <openvpp@barachs.net>2018-12-14 22:50:51 +0000
commit884f0aff0e94ee35d7dd3c6dd55041d4872a9a9b (patch)
treedf99d8ee8db09d41fb8998ff97b95758f131d13c /src
parentc5b6b3198069717f836807b57d01607c6711fb02 (diff)
String type: Fix off by one error
String is not sent nul-terminated across the API. The hardest two problems in computer science are cache invalidation, naming, and off-by-one errors. Change-Id: I36f1952ca955cb2d9dfb4c8120ec48c50ba17991 Signed-off-by: Ole Troan <ot@cisco.com>
Diffstat (limited to 'src')
-rw-r--r--src/vat/api_format.c2
-rw-r--r--src/vlibapi/api_types.h5
-rw-r--r--src/vpp/api/api.c3
3 files changed, 5 insertions, 5 deletions
diff --git a/src/vat/api_format.c b/src/vat/api_format.c
index 25d2dd3112a..f7e076764aa 100644
--- a/src/vat/api_format.c
+++ b/src/vat/api_format.c
@@ -6360,7 +6360,7 @@ exec_inband (vat_main_t * vam)
*/
u32 len = vec_len (vam->input->buffer);
M2 (CLI_INBAND, mp, len);
- vl_api_to_api_string (len, (const char *) vam->input->buffer, &mp->cmd);
+ vl_api_to_api_string (len - 1, (const char *) vam->input->buffer, &mp->cmd);
S (mp);
W (ret);
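Review bot: The added `len - 1` is unsigned arithmetic on a `u32`, so if `vec_len (vam->input->buffer)` is ever 0 it wraps to 0xFFFFFFFF, and that value becomes the copy length inside `vl_api_to_api_string`. No emptiness check is visible in this hunk, and exec_inband starts above it, so either confirm that an earlier guard exists or add one before `M2` that returns an error when `len == 0`. `M2 (CLI_INBAND, mp, len)` still sizes the message for `len` bytes while only `len - 1` are copied, which is harmless but makes the intent hard to read. A comment such as `/* drop the last byte of the input vector: API strings are sent without a terminator */` would record why the byte is dropped (presumably a trailing terminator or newline; confirm against the code above).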
diff --git a/src/vlibapi/api_types.h b/src/vlibapi/api_types.h
index 759298e735d..ffcd24d12b2 100644
--- a/src/vlibapi/api_types.h
+++ b/src/vlibapi/api_types.h
@@ -32,13 +32,12 @@ typedef struct
static inline int
vl_api_to_api_string (u32 len, const char *buf, vl_api_string_t * str)
{
- if (strncpy_s ((char *) str->buf, len, buf, len - 1) != 0)
- len = 0;
+ clib_memcpy(str->buf, buf, len);
str->length = clib_host_to_net_u32 (len);
return len + sizeof (u32);
}
-/* Return a C string from API string */
+/* Return a pointer to the API string (not nul terminated */
static inline u8 *
vl_api_from_api_string (vl_api_string_t * astr)
{
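Review bot: `clib_memcpy(str->buf, buf, len)` copies a caller-supplied length with no bound, and the helper no longer has a failure path, so the safety of the write now rests entirely on every caller having allocated at least `len` bytes behind `str`. That contract should be written on the function, e.g. `/* Caller must have sized the message with len bytes of room after str; buf is copied without a terminator */`. The new comment on `vl_api_from_api_string` is missing its closing parenthesis and could name the consequence for readers: `/* Return a pointer to the API string (not nul terminated); use vl_api_string_len () for its length */`. Existing callers that pass the returned pointer to C-string routines would read past the field, so they are worth auditing. The memcpy call also lacks the space before the parenthesis that the surrounding lines use, and the body of `vl_api_from_api_string` continues outside the hunk.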
diff --git a/src/vpp/api/api.c b/src/vpp/api/api.c
index 1f376dcc64f..8e2e4cd75a6 100644
--- a/src/vpp/api/api.c
+++ b/src/vpp/api/api.c
@@ -219,7 +219,8 @@ vl_api_cli_inband_t_handler (vl_api_cli_inband_t * mp)
u8 *out_vec = 0;
u32 len = 0;
- if (vl_msg_api_get_msg_length (mp) < vl_api_string_len (&mp->cmd))
+ if (vl_msg_api_get_msg_length (mp) <
+ vl_api_string_len (&mp->cmd) + sizeof (*mp))
{
rv = -1;
goto error;
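Review bot: The new bound adds the peer-supplied `vl_api_string_len (&mp->cmd)` to `sizeof (*mp)`, and on a build where `size_t` is 32 bits that sum can wrap for a length near the top of the range and let an oversized value pass the check. The return types of both helpers are not visible in this hunk, so this is hedged. The length field is also read before the message is known to be at least `sizeof (*mp)` long. Comparing by subtraction avoids both: keep the message length in a local and test `if (msg_len < sizeof (*mp) || vl_api_string_len (&mp->cmd) > msg_len - sizeof (*mp))`. The handler's body starts and continues outside the hunk.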