From fc4828cdbed3f8d6cef8d02239f8603d789ac099 Mon Sep 17 00:00:00 2001 From: Vratko Polak Date: Tue, 2 Jul 2019 11:07:24 +0200 Subject: api: remove garbage from sockclnt_create reply The fix uses memset to zero after alloc, as sizing of source string is not obvious. Function vl_msg_api_alloc_zero is added (and used), so similar bugs can be fixed easily. Type: fix Ticket: VPP-1716 Change-Id: I3b20040d0de4222686c58779f2c0af78c5543504 Signed-off-by: Vratko Polak --- src/vlibmemory/memory_shared.c | 20 ++++++++++++++++++++ src/vlibmemory/memory_shared.h | 2 ++ src/vlibmemory/socket_api.c | 5 +++-- 3 files changed, 25 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/vlibmemory/memory_shared.c b/src/vlibmemory/memory_shared.c index 703db9da4ec..fa9936982ee 100644 --- a/src/vlibmemory/memory_shared.c +++ b/src/vlibmemory/memory_shared.c @@ -208,6 +208,16 @@ vl_msg_api_alloc (int nbytes) return vl_msg_api_alloc_internal (nbytes, pool, 0 /* may_return_null */ ); } +void * +vl_msg_api_alloc_zero (int nbytes) +{ + void *ret; + + ret = vl_msg_api_alloc (nbytes); + clib_memset (ret, 0, nbytes); + return ret; +} + void * vl_msg_api_alloc_or_null (int nbytes) { @@ -225,6 +235,16 @@ vl_msg_api_alloc_as_if_client (int nbytes) return vl_msg_api_alloc_internal (nbytes, 0, 0 /* may_return_null */ ); } +void * +vl_msg_api_alloc_zero_as_if_client (int nbytes) +{ + void *ret; + + ret = vl_msg_api_alloc_as_if_client (nbytes); + clib_memset (ret, 0, nbytes); + return ret; +} + void * vl_msg_api_alloc_as_if_client_or_null (int nbytes) { diff --git a/src/vlibmemory/memory_shared.h b/src/vlibmemory/memory_shared.h index 662eaf96589..8d5e472e455 100644 --- a/src/vlibmemory/memory_shared.h +++ b/src/vlibmemory/memory_shared.h @@ -109,8 +109,10 @@ typedef struct vl_shmem_hdr_ #define VL_API_EPOCH_SHIFT 8 void *vl_msg_api_alloc (int nbytes); +void *vl_msg_api_alloc_zero (int nbytes); void *vl_msg_api_alloc_or_null (int nbytes); void *vl_msg_api_alloc_as_if_client (int nbytes); +void *vl_msg_api_alloc_zero_as_if_client (int nbytes); void *vl_msg_api_alloc_as_if_client_or_null (int nbytes); void *vl_mem_api_alloc_as_if_client_w_reg (vl_api_registration_t * reg, int nbytes); diff --git a/src/vlibmemory/socket_api.c b/src/vlibmemory/socket_api.c index 31c1ff9880e..d3beafb3345 100644 --- a/src/vlibmemory/socket_api.c +++ b/src/vlibmemory/socket_api.c @@ -439,7 +439,7 @@ vl_api_sockclnt_create_t_handler (vl_api_sockclnt_create_t * mp) regp->name = format (0, "%s%c", mp->name, 0); u32 size = sizeof (*rp) + (nmsg * sizeof (vl_api_message_table_entry_t)); - rp = vl_msg_api_alloc (size); + rp = vl_msg_api_alloc_zero (size); rp->_vl_msg_id = htons (VL_API_SOCKCLNT_CREATE_REPLY); rp->index = htonl (sock_api_registration_handle (regp)); rp->context = mp->context; @@ -450,7 +450,8 @@ vl_api_sockclnt_create_t_handler (vl_api_sockclnt_create_t * mp) hash_foreach_pair (hp, am->msg_index_by_name_and_crc, ({ rp->message_table[i].index = htons(hp->value[0]); - strncpy((char *)rp->message_table[i].name, (char *)hp->key, 64-1); + strncpy_s((char *)rp->message_table[i].name, 64 /* bytes of space at dst */, + (char *)hp->key, 64-1 /* chars to copy, without zero byte. */); i++; })); /* *INDENT-ON* */ -- cgit 1.2.3-korg