From 3b37125bdb0251181f90a429a4532b339711cf89 Mon Sep 17 00:00:00 2001 From: Benoît Ganne Date: Tue, 21 Jan 2020 18:24:44 +0100 Subject: map: api: fix tag overflow and leak MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The 'tag' parameter is expected to be a NULL-terminated C-string in callees: - make sure it is null-terminated in both API and CLI cases - do not allocate & copy the string into a non-NULL-terminated vector in API case - fix leak in CLI case Type: fix Change-Id: I221a489a226240548cdeb5e3663bbfb94eee4600 Signed-off-by: Benoît Ganne --- src/plugins/map/map_api.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'src/plugins/map/map_api.c') diff --git a/src/plugins/map/map_api.c b/src/plugins/map/map_api.c index 418f6a02a36..7327732c6a7 100644 --- a/src/plugins/map/map_api.c +++ b/src/plugins/map/map_api.c @@ -40,7 +40,7 @@ vl_api_map_add_domain_t_handler (vl_api_map_add_domain_t * mp) u32 index; u8 flags = 0; - u8 *tag = format (0, "%s", mp->tag); + mp->tag[ARRAY_LEN (mp->tag) - 1] = '\0'; rv = map_create_domain ((ip4_address_t *) & mp->ip4_prefix.address, mp->ip4_prefix.len, @@ -48,8 +48,9 @@ vl_api_map_add_domain_t_handler (vl_api_map_add_domain_t * mp) mp->ip6_prefix.len, (ip6_address_t *) & mp->ip6_src.address, mp->ip6_src.len, mp->ea_bits_len, mp->psid_offset, - mp->psid_length, &index, ntohs (mp->mtu), flags, tag); - vec_free (tag); + mp->psid_length, &index, ntohs (mp->mtu), flags, + mp->tag); + /* *INDENT-OFF* */ REPLY_MACRO2(VL_API_MAP_ADD_DOMAIN_REPLY, ({ -- cgit 1.2.3-korg