From 8b4d0dd5ba8ea42063b0700f39c2165486b8c9a0 Mon Sep 17 00:00:00 2001 From: Benoît Ganne Date: Fri, 12 Feb 2021 16:25:07 +0100 Subject: linux-cp: fix vector-used-a-C-string overflow MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit lip_host_name is a non-NULL terminated vector, not a NULL-terminated C-string. Type: fix Change-Id: Ie5da59bc5680be72251904467d77b18263c882f8 Signed-off-by: Benoît Ganne --- src/plugins/linux-cp/lcp_api.c | 5 ++--- src/plugins/linux-cp/lcp_interface.c | 2 +- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/src/plugins/linux-cp/lcp_api.c b/src/plugins/linux-cp/lcp_api.c index 409aa7224af..a6e14a7cac7 100644 --- a/src/plugins/linux-cp/lcp_api.c +++ b/src/plugins/linux-cp/lcp_api.c @@ -120,9 +120,8 @@ send_lcp_itf_pair_details (index_t lipi, vl_api_registration_t *rp, rmp->vif_index = lcp_pair->lip_vif_index; rmp->host_if_type = api_encode_host_type (lcp_pair->lip_host_type); - clib_strncpy ((char *) rmp->host_if_name, - (char *) lcp_pair->lip_host_name, - vec_len (lcp_pair->lip_host_name) - 1); + memcpy_s (rmp->host_if_name, sizeof (rmp->host_if_name), + lcp_pair->lip_host_name, vec_len (lcp_pair->lip_host_name)); clib_strncpy ((char *) rmp->namespace, (char *) lcp_pair->lip_namespace, vec_len (lcp_pair->lip_namespace)); diff --git a/src/plugins/linux-cp/lcp_interface.c b/src/plugins/linux-cp/lcp_interface.c index 534d974c7b0..0dcac4857cf 100644 --- a/src/plugins/linux-cp/lcp_interface.c +++ b/src/plugins/linux-cp/lcp_interface.c @@ -88,7 +88,7 @@ format_lcp_itf_pair (u8 *s, va_list *args) else s = format (s, " %U", format_vnet_sw_interface_name, vnm, swif_host); - s = format (s, " %s %d type %s", lip->lip_host_name, lip->lip_vif_index, + s = format (s, " %v %d type %s", lip->lip_host_name, lip->lip_vif_index, (lip->lip_host_type == LCP_ITF_HOST_TAP) ? "tap" : "tun"); if (lip->lip_namespace) -- cgit 1.2.3-korg