From 884f0aff0e94ee35d7dd3c6dd55041d4872a9a9b Mon Sep 17 00:00:00 2001
From: Ole Troan
Date: Fri, 14 Dec 2018 20:34:29 +0100
Subject: String type: Fix off by one error
String is not sent nul terminated across API. The hardest two problems in computer science is cache invalidation naming and off by one errors.
Change-Id: I36f1952ca955cb2d9dfb4c8120ec48c50ba17991
Signed-off-by: Ole Troan
---
 src/vat/api_format.c | 2 +-
 src/vlibapi/api_types.h | 5 ++---
 src/vpp/api/api.c | 3 ++-
 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/vat/api_format.c b/src/vat/api_format.c
index 25d2dd3112a..f7e076764aa 100644
--- a/src/vat/api_format.c
+++ b/src/vat/api_format.c
@@ -6360,7 +6360,7 @@ exec_inband (vat_main_t * vam)
 */
 u32 len = vec_len (vam->input->buffer);
 M2 (CLI_INBAND, mp, len);
- vl_api_to_api_string (len, (const char *) vam->input->buffer, &mp->cmd);
+ vl_api_to_api_string (len - 1, (const char *) vam->input->buffer, &mp->cmd);
 S (mp);
 W (ret);
diff --git a/src/vlibapi/api_types.h b/src/vlibapi/api_types.h
index 759298e735d..ffcd24d12b2 100644
--- a/src/vlibapi/api_types.h
+++ b/src/vlibapi/api_types.h
@@ -32,13 +32,12 @@ typedef struct
 static inline int
 vl_api_to_api_string (u32 len, const char *buf, vl_api_string_t * str)
 {
- if (strncpy_s ((char *) str->buf, len, buf, len - 1) != 0)
- len = 0;
+ clib_memcpy(str->buf, buf, len);
 str->length = clib_host_to_net_u32 (len);
 return len + sizeof (u32);
 }
-/* Return a C string from API string */
+/* Return a pointer to the API string (not nul terminated */
 static inline u8 *
 vl_api_from_api_string (vl_api_string_t * astr)
 {
diff --git a/src/vpp/api/api.c b/src/vpp/api/api.c
index 1f376dcc64f..8e2e4cd75a6 100644
--- a/src/vpp/api/api.c
+++ b/src/vpp/api/api.c
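Review bot: In exec_inband the new argument `len - 1` is computed on a u32, so if `vec_len (vam->input->buffer)` is ever 0 the length handed to vl_api_to_api_string wraps to 0xFFFFFFFF and the copy there runs far past both the source vector and the message. Whether the input vector can be empty at this point is not visible in the hunk, since the function starts and ends outside it. An explicit guard before `M2`, for example `if (len == 0) return -1;` with whatever error value the function's other exits use, would make the subtraction safe regardless. `M2` still reserves `len` bytes while only `len - 1` are copied, which is harmless but worth a short comment.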
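Review bot: `clib_memcpy(str->buf, buf, len)` in vl_api_to_api_string copies `len` bytes with no destination bound, so the helper is only safe when every caller has allocated at least `len` bytes behind the message; that contract should be stated above the function, e.g. `/* Copy len bytes (no NUL) into str; caller must have sized the message for len bytes of str->buf */`. The reworded comment on vl_api_from_api_string is missing its closing parenthesis and should read `/* Return a pointer to the API string (not nul terminated) */`, ideally adding that the length must be taken from the length field rather than by scanning for a terminator. Callers are outside this hunk, so whether any still treat the returned pointer as a C string cannot be checked here. The call is also written without the space before the parenthesis that the surrounding lines use.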
@@ -219,7 +219,8 @@ vl_api_cli_inband_t_handler (vl_api_cli_inband_t * mp)
 u8 *out_vec = 0;
 u32 len = 0;
- if (vl_msg_api_get_msg_length (mp) < vl_api_string_len (&mp->cmd))
+ if (vl_msg_api_get_msg_length (mp) <
+ vl_api_string_len (&mp->cmd) + sizeof (*mp))
 {
 rv = -1;
 goto error;
-- 
cgit 1.2.3-korg
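Review bot: The new bound in vl_api_cli_inband_t_handler adds the sender-supplied string length to `sizeof (*mp)` before comparing, so on any build where that sum is evaluated in 32 bits a length near 0xFFFFFFFF wraps and passes the check. The return type of vl_api_string_len is not visible here, so this may only affect 32-bit targets, but the subtraction form cannot wrap. With the result of `vl_msg_api_get_msg_length (mp)` held in a local `mlen`, the test becomes `if (mlen < sizeof (*mp) || mlen - sizeof (*mp) < vl_api_string_len (&mp->cmd))`. A one-line comment saying that the length field comes off the wire and is untrusted would help the next reader; the handler's body starts and ends outside the hunk.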