clib_memcpy (&lease->hostname, client->hostname, len);
lease->hostname[len] = 0;
- lease->mask_width = client->subnet_mask_width;
- clib_memcpy (&lease->host_address.un, (u8 *) & client->leased_address,
+ lease->mask_width = client->installed.subnet_mask_width;
+ clib_memcpy (&lease->host_address.un,
+ (u8 *) & client->installed.leased_address,
sizeof (ip4_address_t));
- clib_memcpy (&lease->router_address.un, (u8 *) & client->router_address,
+ clib_memcpy (&lease->router_address.un,
+ (u8 *) & client->installed.router_address,
sizeof (ip4_address_t));
lease->count = vec_len (client->domain_server_address);
{
dhcp_client_send_walk_ctx_t *ctx;
vl_api_dhcp_client_details_t *mp;
+ u32 count;
+ size_t n;
ctx = arg;
- mp = vl_msg_api_alloc (sizeof (*mp));
- clib_memset (mp, 0, sizeof (*mp));
+ count = vec_len (client->domain_server_address);
+ n = sizeof (*mp) + (count * sizeof (vl_api_domain_server_t));
+ mp = vl_msg_api_alloc (n);
+ if (!mp)
+ return 0;
+ clib_memset (mp, 0, n);
mp->_vl_msg_id = ntohs (VL_API_DHCP_CLIENT_DETAILS + REPLY_MSG_ID_BASE);
mp->context = ctx->context;
params.T1 = ntohl (mp->T1);
params.T2 = ntohl (mp->T2);
n_addresses = ntohl (mp->n_addresses);
+ /* Make sure that the number of addresses is sane */
+ if (n_addresses * sizeof (params.addresses) > vl_msg_api_max_length (mp))
+ {
+ rv = VNET_API_ERROR_INVALID_VALUE;
+ goto bad_sw_if_index;
+ }
params.addresses = 0;
if (n_addresses > 0)
vec_validate (params.addresses, n_addresses - 1);
params.T1 = ntohl (mp->T1);
params.T2 = ntohl (mp->T2);
n_prefixes = ntohl (mp->n_prefixes);
+
+ /* Minimal check to see that the number of prefixes is sane */
+ if (n_prefixes * sizeof (params.prefixes) > vl_msg_api_max_length (mp))
+ {
+ rv = VNET_API_ERROR_INVALID_VALUE;
+ goto bad_sw_if_index;
+ }
+
params.prefixes = 0;
if (n_prefixes > 0)
vec_validate (params.prefixes, n_prefixes - 1);
Code Review / vpp.git / blobdiff