summary |
shortlog |
log |
commit | commitdiff |
review |
tree
raw |
patch |
inline | side by side (from parent 1:
c5b6b31)
String is not sent nul terminated across API.
The hardest two problems in computer science is cache invalidation
naming and off by one errors.
Change-Id: I36f1952ca955cb2d9dfb4c8120ec48c50ba17991
Signed-off-by: Ole Troan <ot@cisco.com>
*/
u32 len = vec_len (vam->input->buffer);
M2 (CLI_INBAND, mp, len);
*/
u32 len = vec_len (vam->input->buffer);
M2 (CLI_INBAND, mp, len);
- vl_api_to_api_string (len, (const char *) vam->input->buffer, &mp->cmd);
+ vl_api_to_api_string (len - 1, (const char *) vam->input->buffer, &mp->cmd);
static inline int
vl_api_to_api_string (u32 len, const char *buf, vl_api_string_t * str)
{
static inline int
vl_api_to_api_string (u32 len, const char *buf, vl_api_string_t * str)
{
- if (strncpy_s ((char *) str->buf, len, buf, len - 1) != 0)
- len = 0;
+ clib_memcpy(str->buf, buf, len);
str->length = clib_host_to_net_u32 (len);
return len + sizeof (u32);
}
str->length = clib_host_to_net_u32 (len);
return len + sizeof (u32);
}
-/* Return a C string from API string */
+/* Return a pointer to the API string (not nul terminated */
static inline u8 *
vl_api_from_api_string (vl_api_string_t * astr)
{
static inline u8 *
vl_api_from_api_string (vl_api_string_t * astr)
{
u8 *out_vec = 0;
u32 len = 0;
u8 *out_vec = 0;
u32 len = 0;
- if (vl_msg_api_get_msg_length (mp) < vl_api_string_len (&mp->cmd))
+ if (vl_msg_api_get_msg_length (mp) <
+ vl_api_string_len (&mp->cmd) + sizeof (*mp))