diff options
author | Vratko Polak <vrpolak@cisco.com> | 2019-07-02 11:07:24 +0200 |
---|---|---|
committer | Vratko Polak <vrpolak@cisco.com> | 2019-07-03 17:44:38 +0000 |
commit | fc4828cdbed3f8d6cef8d02239f8603d789ac099 (patch) | |
tree | 7c9e510305fa6438a90cd9e8b7a64572c16fa809 /src | |
parent | 0c7f54d489c66742903c460daa843ce048dbaf06 (diff) |
api: remove garbage from sockclnt_create reply
The fix uses memset to zero after alloc,
as sizing of source string is not obvious.
Function vl_msg_api_alloc_zero is added (and used),
so similar bugs can be fixed easily.
Type: fix
Ticket: VPP-1716
Change-Id: I3b20040d0de4222686c58779f2c0af78c5543504
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/vlibmemory/memory_shared.c | 20 | ||||
-rw-r--r-- | src/vlibmemory/memory_shared.h | 2 | ||||
-rw-r--r-- | src/vlibmemory/socket_api.c | 5 |
3 files changed, 25 insertions, 2 deletions
diff --git a/src/vlibmemory/memory_shared.c b/src/vlibmemory/memory_shared.c index 703db9da4ec..fa9936982ee 100644 --- a/src/vlibmemory/memory_shared.c +++ b/src/vlibmemory/memory_shared.c @@ -209,6 +209,16 @@ vl_msg_api_alloc (int nbytes) } void * +vl_msg_api_alloc_zero (int nbytes) +{ + void *ret; + + ret = vl_msg_api_alloc (nbytes); + clib_memset (ret, 0, nbytes); + return ret; +} + +void * vl_msg_api_alloc_or_null (int nbytes) { int pool; @@ -226,6 +236,16 @@ vl_msg_api_alloc_as_if_client (int nbytes) } void * +vl_msg_api_alloc_zero_as_if_client (int nbytes) +{ + void *ret; + + ret = vl_msg_api_alloc_as_if_client (nbytes); + clib_memset (ret, 0, nbytes); + return ret; +} + +void * vl_msg_api_alloc_as_if_client_or_null (int nbytes) { return vl_msg_api_alloc_internal (nbytes, 0, 1 /* may_return_null */ ); diff --git a/src/vlibmemory/memory_shared.h b/src/vlibmemory/memory_shared.h index 662eaf96589..8d5e472e455 100644 --- a/src/vlibmemory/memory_shared.h +++ b/src/vlibmemory/memory_shared.h @@ -109,8 +109,10 @@ typedef struct vl_shmem_hdr_ #define VL_API_EPOCH_SHIFT 8 void *vl_msg_api_alloc (int nbytes); +void *vl_msg_api_alloc_zero (int nbytes); void *vl_msg_api_alloc_or_null (int nbytes); void *vl_msg_api_alloc_as_if_client (int nbytes); +void *vl_msg_api_alloc_zero_as_if_client (int nbytes); void *vl_msg_api_alloc_as_if_client_or_null (int nbytes); void *vl_mem_api_alloc_as_if_client_w_reg (vl_api_registration_t * reg, int nbytes); diff --git a/src/vlibmemory/socket_api.c b/src/vlibmemory/socket_api.c index 31c1ff9880e..d3beafb3345 100644 --- a/src/vlibmemory/socket_api.c +++ b/src/vlibmemory/socket_api.c @@ -439,7 +439,7 @@ vl_api_sockclnt_create_t_handler (vl_api_sockclnt_create_t * mp) regp->name = format (0, "%s%c", mp->name, 0); u32 size = sizeof (*rp) + (nmsg * sizeof (vl_api_message_table_entry_t)); - rp = vl_msg_api_alloc (size); + rp = vl_msg_api_alloc_zero (size); rp->_vl_msg_id = htons (VL_API_SOCKCLNT_CREATE_REPLY); rp->index = htonl (sock_api_registration_handle (regp)); rp->context = mp->context; @@ -450,7 +450,8 @@ vl_api_sockclnt_create_t_handler (vl_api_sockclnt_create_t * mp) hash_foreach_pair (hp, am->msg_index_by_name_and_crc, ({ rp->message_table[i].index = htons(hp->value[0]); - strncpy((char *)rp->message_table[i].name, (char *)hp->key, 64-1); + strncpy_s((char *)rp->message_table[i].name, 64 /* bytes of space at dst */, + (char *)hp->key, 64-1 /* chars to copy, without zero byte. */); i++; })); /* *INDENT-ON* */ |