From 7e8cd07b1f2b859847b050ab64e37955a04f90f9 Mon Sep 17 00:00:00 2001 From: Benoît Ganne Date: Tue, 21 Jan 2020 18:24:44 +0100 Subject: map: api: fix tag overflow and leak MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The 'tag' parameter is expected to be a NULL-terminated C-string in callees: - make sure it is null-terminated in both API and CLI cases - do not allocate & copy the string into a non-NULL-terminated vector in API case - fix leak in CLI case Type: fix Change-Id: I221a489a226240548cdeb5e3663bbfb94eee4600 Signed-off-by: Benoît Ganne (cherry picked from commit 3b37125bdb0251181f90a429a4532b339711cf89) --- src/plugins/map/map.c | 3 ++- src/plugins/map/map_api.c | 7 ++++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/src/plugins/map/map.c b/src/plugins/map/map.c index a214228bd55..5a9cd7fc664 100644 --- a/src/plugins/map/map.c +++ b/src/plugins/map/map.c @@ -551,7 +551,7 @@ map_add_domain_command_fn (vlib_main_t * vm, num_m_args++; else if (unformat (line_input, "mtu %d", &mtu)) num_m_args++; - else if (unformat (line_input, "tag %v", &tag)) + else if (unformat (line_input, "tag %s", &tag)) ; else { @@ -573,6 +573,7 @@ map_add_domain_command_fn (vlib_main_t * vm, mtu, flags, tag); done: + vec_free (tag); unformat_free (line_input); return error; diff --git a/src/plugins/map/map_api.c b/src/plugins/map/map_api.c index b73f14aed81..c2b3712dc3e 100644 --- a/src/plugins/map/map_api.c +++ b/src/plugins/map/map_api.c @@ -54,7 +54,7 @@ vl_api_map_add_domain_t_handler (vl_api_map_add_domain_t * mp) u32 index; u8 flags = 0; - u8 *tag = format (0, "%s", mp->tag); + mp->tag[ARRAY_LEN (mp->tag) - 1] = '\0'; rv = map_create_domain ((ip4_address_t *) & mp->ip4_prefix.address, mp->ip4_prefix.len, @@ -62,8 +62,9 @@ vl_api_map_add_domain_t_handler (vl_api_map_add_domain_t * mp) mp->ip6_prefix.len, (ip6_address_t *) & mp->ip6_src.address, mp->ip6_src.len, mp->ea_bits_len, mp->psid_offset, - mp->psid_length, &index, ntohs (mp->mtu), flags, tag); - vec_free (tag); + mp->psid_length, &index, ntohs (mp->mtu), flags, + mp->tag); + /* *INDENT-OFF* */ REPLY_MACRO2(VL_API_MAP_ADD_DOMAIN_REPLY, ({ -- cgit 1.2.3-korg