From 2887159a1a5f5c501c2df59bf88e6faa38e9699f Mon Sep 17 00:00:00 2001
From: TimotheeChauvin
Date: Thu, 16 Jul 2020 12:27:10 +0000
Subject: pppoe: fix uninitialized memory bug

In pppoe_cp_node.c, node->errors[error0] was accessed without node->errors being initialized. Found with AFL + ASAN.
Type: fix
Signed-off-by: TimotheeChauvin
Change-Id: Ide8a60021b2d47b5e2fce7062d8f12c7f4d225f7
---
src/plugins/pppoe/pppoe.h | 1 +
src/plugins/pppoe/pppoe_cp_node.c | 3 +++
src/plugins/pppoe/pppoe_decap.c | 4 +++-
3 files changed, 7 insertions(+), 1 deletion(-)
(limited to 'src/plugins/pppoe')
diff --git a/src/plugins/pppoe/pppoe.h b/src/plugins/pppoe/pppoe.h
index 471727ce893..3e331ee6a11 100644
--- a/src/plugins/pppoe/pppoe.h
+++ b/src/plugins/pppoe/pppoe.h
@@ -94,6 +94,7 @@ typedef enum
 PPPOE_N_ERROR,
 } pppoe_input_error_t;
+extern char *pppoe_error_strings[];
 #define MTU 1500
 #define MTU_BUFFERS ((MTU + vlib_buffer_get_default_data_size(vm) - 1) / vlib_buffer_get_default_data_size(vm))
diff --git a/src/plugins/pppoe/pppoe_cp_node.c b/src/plugins/pppoe/pppoe_cp_node.c
index 3f866450cfb..bf9018e8c90 100644
--- a/src/plugins/pppoe/pppoe_cp_node.c
+++ b/src/plugins/pppoe/pppoe_cp_node.c
@@ -237,6 +237,9 @@ VLIB_REGISTER_NODE (pppoe_cp_dispatch_node) = {
 /* Takes a vector of packets. */
 .vector_size = sizeof (u32),
+ .n_errors = PPPOE_N_ERROR,
+ .error_strings = pppoe_error_strings,
+ .n_next_nodes = PPPOE_CP_N_NEXT,
 .next_nodes = {
 #define _(s,n) [PPPOE_CP_NEXT_##s] = n,
diff --git a/src/plugins/pppoe/pppoe_decap.c b/src/plugins/pppoe/pppoe_decap.c
index 256dd83e43d..d3f4a5fedf3 100644
--- a/src/plugins/pppoe/pppoe_decap.c
+++ b/src/plugins/pppoe/pppoe_decap.c
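Review bot: The `extern char *pppoe_error_strings[];` added to pppoe.h has no comment saying what indexes the array or which file defines it, and as an incomplete array type it gives includers no length to check against. I would put `/* Error strings indexed by pppoe_input_error_t; defined once in pppoe_decap.c. */` directly above it. The enum body starts above this hunk, so how its members are generated is not visible here.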
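Review bot: In the pppoe_cp_dispatch_node registration in pppoe_cp_node.c, `.n_errors = PPPOE_N_ERROR` only sizes the counter array; the code that indexes it with `error0` lies outside this hunk, so it is worth confirming that every value assigned to `error0` there is a `pppoe_input_error_t` member. If some path can produce a larger value, the bad read would persist as an out-of-bounds index rather than an uninitialized one. A comment above the two fields, for example `/* Error counters reuse pppoe-input's table; see pppoe_error_strings in pppoe_decap.c. */`, would record why this node registers strings it does not define. The registration block begins and ends outside the hunk, and no regression test for the AFL + ASAN finding appears in the files shown.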
@@ -390,12 +390,14 @@ VLIB_NODE_FN (pppoe_input_node) (vlib_main_t * vm,
 return from_frame->n_vectors;
 }
-static char * pppoe_error_strings[] = {
+#ifndef CLIB_MARCH_VARIANT
+char * pppoe_error_strings[] = {
 #define pppoe_error(n,s) s,
 #include
 #undef pppoe_error
 #undef _
 };
+#endif /* CLIB_MARCH_VARIANT */
 VLIB_REGISTER_NODE (pppoe_input_node) = {
 .name = "pppoe-input",
-- cgit 1.2.3-korg
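Review bot: Once `pppoe_error_strings` loses `static` in pppoe_decap.c, pppoe_cp_node.c sees it only as an incomplete array and pairs it with `PPPOE_N_ERROR` on trust; nothing here checks that the two agree. Adding `STATIC_ASSERT (ARRAY_LEN (pppoe_error_strings) == PPPOE_N_ERROR, "pppoe error strings out of sync");` after the closing `};`, inside the `#ifndef`, would turn a mismatch into a build failure instead of an out-of-range string lookup at runtime. The guard also deserves a line such as `/* Shared with pppoe_cp_node.c: define once, not per march variant. */`, since the reason for `#ifndef CLIB_MARCH_VARIANT` is not evident from the array alone. If both the enum and the strings are generated from the same error definition file, which this hunk suggests but does not show for the enum, the assertion is a cheap safeguard rather than a fix for a present defect.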