From 8c43d4dc13d0d02b79a32f1226de607db1bb869f Mon Sep 17 00:00:00 2001
From: Tianyu Li
Date: Mon, 6 Dec 2021 13:15:59 +0800
Subject: misc: vppctl fix heap-buffer-overflow & memleaks
1. Malloc may return not zero buffer, causing strncat buffer overflow
2. Malloc buffer not freed
Type: fix
Fixes: 31f192434660 ("misc: vppctl - remove the dependency on vppinfra")
Signed-off-by: Tianyu Li
Change-Id: I5aebaccf3d0f8b7e3617068267f62cc2aa39d827
---
 src/vpp/app/vppctl.c | 8 ++++++++
 1 file changed, 8 insertions(+)
(limited to 'src/vpp')
diff --git a/src/vpp/app/vppctl.c b/src/vpp/app/vppctl.c
index 8fe493d3f2a..becab52d08b 100644
--- a/src/vpp/app/vppctl.c
+++ b/src/vpp/app/vppctl.c
@@ -215,6 +215,13 @@ main (int argc, char *argv[])
 {
 cmd_len++; // account for \n in the end
 cmd = malloc (cmd_len);
+ if (!cmd)
+ {
+ error = errno;
+ perror ("malloc failed");
+ goto done;
+ }
+ memset (cmd, 0, cmd_len);
 while (argc--)
 {
 strncat (cmd, *argv++, cmd_len);
@@ -431,6 +438,7 @@ main (int argc, char *argv[])
 close (sock_fd);
 done:
+ free (cmd);
 if (efd > -1)
 close (efd);
--
cgit 1.2.3-korg
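Review bot: The `strncat (cmd, *argv++, cmd_len)` call in the context lines just below the new `memset` still passes the full buffer size as its bound, but strncat's third argument limits the bytes taken from the source, not the space left in `cmd`. Zeroing the buffer removes the read of uninitialised heap, yet whether the append stays in bounds then rests entirely on how `cmd_len` was summed, which is outside this hunk. Bounding by the remaining space would make the call safe on its own: `strncat (cmd, *argv++, cmd_len - strlen (cmd) - 1);`. As a style point, the `malloc`/`memset` pair can be one call, `cmd = calloc (1, cmd_len);`. The loop body continues past the end of the hunk.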
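Review bot: The unconditional `free (cmd)` at `done:` is only well defined if `cmd` is initialised to a null pointer where it is declared. The allocation in the first hunk sits inside a nested block, so `done` can presumably be reached without it having run. The declaration is outside both hunks and should be confirmed; if it is not already initialised, something like `char *cmd = NULL;` at the declaration keeps this free from acting on an indeterminate pointer. The rest of the cleanup path continues after the hunk.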