{
dhcp_client_send_walk_ctx_t *ctx;
vl_api_dhcp_client_details_t *mp;
+ u32 count;
+ size_t n;
ctx = arg;
- mp = vl_msg_api_alloc (sizeof (*mp));
- clib_memset (mp, 0, sizeof (*mp));
+ count = vec_len (client->domain_server_address);
+ n = sizeof (*mp) + (count * sizeof (vl_api_domain_server_t));
+ mp = vl_msg_api_alloc (n);
+ if (!mp)
+ return 0;
+ clib_memset (mp, 0, n);
mp->_vl_msg_id = ntohs (VL_API_DHCP_CLIENT_DETAILS + REPLY_MSG_ID_BASE);
mp->context = ctx->context;
params.T1 = ntohl (mp->T1);
params.T2 = ntohl (mp->T2);
n_addresses = ntohl (mp->n_addresses);
+ /* Make sure that the number of addresses is sane */
+ if (n_addresses * sizeof (params.addresses) > vl_msg_api_max_length (mp))
+ {
+ rv = VNET_API_ERROR_INVALID_VALUE;
+ goto bad_sw_if_index;
+ }
params.addresses = 0;
if (n_addresses > 0)
vec_validate (params.addresses, n_addresses - 1);
params.T1 = ntohl (mp->T1);
params.T2 = ntohl (mp->T2);
n_prefixes = ntohl (mp->n_prefixes);
+
+ /* Minimal check to see that the number of prefixes is sane */
+ if (n_prefixes * sizeof (params.prefixes) > vl_msg_api_max_length (mp))
+ {
+ rv = VNET_API_ERROR_INVALID_VALUE;
+ goto bad_sw_if_index;
+ }
+
params.prefixes = 0;
if (n_prefixes > 0)
vec_validate (params.prefixes, n_prefixes - 1);