From 2dbee9361e74d03727a8b618ba80a5e28c006011 Mon Sep 17 00:00:00 2001
From: Jakub Grajciar <jgrajcia@cisco.com>
Date: Fri, 7 Feb 2020 11:30:26 +0100
Subject: api: improve api string safety

- Remove vl_api_from_api_string
  to prevent use of not nul-terminated strings.
- Rename vl_api_from_api_to_vec -> vl_api_from_api_to_new_vec
  to imply a new vector is created. NOT nul terminated.
- Add vl_api_from_api_to_new_c_string. Returns
  nul terminated string in a new vector.
- Add vl_api_c_string_to_api_string. Convert nul terminated
  string to vl_api_string_t
- Add vl_api_vec_to_api_string. Convert NON nul terminated
  vector to vl_api_string_t

Type: fix

Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Change-Id: Iadd59b612c0d960a34ad0dd07a9d17f56435c6ea
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
---
 src/plugins/http_static/http_static_test.c | 7 ++-----
 src/plugins/ioam/lib-pot/pot_api.c         | 4 ++--
 src/plugins/ioam/lib-pot/pot_test.c        | 4 ++--
 src/plugins/memif/memif_test.c             | 7 ++-----
 4 files changed, 8 insertions(+), 14 deletions(-)

(limited to 'src/plugins')

diff --git a/src/plugins/http_static/http_static_test.c b/src/plugins/http_static/http_static_test.c
index 0b46d23dce5..3503a1b0812 100644
--- a/src/plugins/http_static/http_static_test.c
+++ b/src/plugins/http_static/http_static_test.c
@@ -111,11 +111,8 @@ api_http_static_enable (vat_main_t * vam)
 
   /* Construct the API message */
   M (HTTP_STATIC_ENABLE, mp);
-  vl_api_to_api_string (strnlen ((const char *) www_root, 256),
-			(const char *) www_root,
-			(vl_api_string_t *) & mp->www_root);
-  vl_api_to_api_string (strnlen ((const char *) uri, 256), (const char *) uri,
-			(vl_api_string_t *) & mp->uri);
+  strncpy_s ((char *) mp->www_root, 256, (const char *) www_root, 256);
+  strncpy_s ((char *) mp->uri, 256, (const char *) uri, 256);
   mp->fifo_size = ntohl (fifo_size);
   mp->cache_size_limit = ntohl (cache_size_limit);
   mp->prealloc_fifos = ntohl (prealloc_fifos);
diff --git a/src/plugins/ioam/lib-pot/pot_api.c b/src/plugins/ioam/lib-pot/pot_api.c
index 2ecfc51d97a..31ddf9da528 100644
--- a/src/plugins/ioam/lib-pot/pot_api.c
+++ b/src/plugins/ioam/lib-pot/pot_api.c
@@ -43,7 +43,7 @@ static void vl_api_pot_profile_add_t_handler
     pot_profile *profile = NULL;
     u8 *name = 0;
 
-    name = vl_api_from_api_to_vec(&mp->list_name);
+    name = vl_api_from_api_to_new_vec(&mp->list_name);
 
     pot_profile_list_init(name);
     id = mp->id;
@@ -121,7 +121,7 @@ static void vl_api_pot_profile_activate_t_handler
     u8 id;
     u8 *name = NULL;
 
-    name = vl_api_from_api_to_vec(&mp->list_name);
+    name = vl_api_from_api_to_new_vec(&mp->list_name);
     if (!pot_profile_list_is_enabled(name)) {
         rv = -1;
     } else {
diff --git a/src/plugins/ioam/lib-pot/pot_test.c b/src/plugins/ioam/lib-pot/pot_test.c
index 90cff23888b..b30b21e9471 100644
--- a/src/plugins/ioam/lib-pot/pot_test.c
+++ b/src/plugins/ioam/lib-pot/pot_test.c
@@ -88,7 +88,7 @@ static int api_pot_profile_add (vat_main_t *vam)
 
     M2(POT_PROFILE_ADD, mp, sizeof(vl_api_string_t) + vec_len(name));
 
-    vl_api_to_api_string(vec_len(name), (const char *)name, &mp->list_name);
+    vl_api_vec_to_api_string(name, &mp->list_name);
     mp->secret_share = clib_host_to_net_u64(secret_share);
     mp->polynomial_public = clib_host_to_net_u64(poly2);
     mp->lpc = clib_host_to_net_u64(lpc);
@@ -142,7 +142,7 @@ static int api_pot_profile_activate (vat_main_t *vam)
       }
 
     M2(POT_PROFILE_ACTIVATE, mp, sizeof(vl_api_string_t) + vec_len(name));
-    vl_api_to_api_string(vec_len(name), (const char *)name, &mp->list_name);
+    vl_api_vec_to_api_string(name, &mp->list_name);
     mp->id = id;
 
     S(mp);
diff --git a/src/plugins/memif/memif_test.c b/src/plugins/memif/memif_test.c
index 05f5c29b957..1ec6703d135 100644
--- a/src/plugins/memif/memif_test.c
+++ b/src/plugins/memif/memif_test.c
@@ -112,9 +112,7 @@ api_memif_socket_filename_add_del (vat_main_t * vam)
   mp->is_add = is_add;
   mp->socket_id = htonl (socket_id);
   char *p = (char *) &mp->socket_filename;
-  p +=
-    vl_api_to_api_string (strlen ((char *) socket_filename),
-			  (char *) socket_filename, (vl_api_string_t *) p);
+  p += vl_api_vec_to_api_string (socket_filename, (vl_api_string_t *) p);
 
   vec_free (socket_filename);
 
@@ -218,8 +216,7 @@ api_memif_create (vat_main_t * vam)
   if (secret != 0)
     {
       char *p = (char *) &mp->secret;
-      p += vl_api_to_api_string (strlen ((char *) secret), (char *) secret,
-				 (vl_api_string_t *) p);
+      p += vl_api_vec_to_api_string (secret, (vl_api_string_t *) p);
       vec_free (secret);
     }
   memcpy (mp->hw_addr, hw_addr, 6);
-- 
cgit 1.2.3-korg