pppoe: fix uninitialized memory bug

In pppoe_cp_node.c, node->errors[error0] was accessed without
node->errors being initialized.

Found with AFL + ASAN.

Type: fix
Signed-off-by: TimotheeChauvin <timchauv@cisco.com>
Change-Id: Ide8a60021b2d47b5e2fce7062d8f12c7f4d225f7

diff --git a/src/plugins/pppoe/pppoe.h b/src/plugins/pppoe/pppoe.h
index 471727c..3e331ee 100644 (file)
--- a/src/plugins/pppoe/pppoe.h
+++ b/src/plugins/pppoe/pppoe.h
@@ -94,6 +94,7 @@ typedef enum
   PPPOE_N_ERROR,
 } pppoe_input_error_t;
 
+extern char *pppoe_error_strings[];
 
 #define MTU 1500
 #define MTU_BUFFERS ((MTU + vlib_buffer_get_default_data_size(vm) - 1) / vlib_buffer_get_default_data_size(vm))

diff --git a/src/plugins/pppoe/pppoe_cp_node.c b/src/plugins/pppoe/pppoe_cp_node.c
index 3f86645..bf9018e 100644 (file)
--- a/src/plugins/pppoe/pppoe_cp_node.c
+++ b/src/plugins/pppoe/pppoe_cp_node.c
@@ -237,6 +237,9 @@ VLIB_REGISTER_NODE (pppoe_cp_dispatch_node) = {
   /* Takes a vector of packets. */
   .vector_size = sizeof (u32),
 
+  .n_errors = PPPOE_N_ERROR,
+  .error_strings = pppoe_error_strings,
+
   .n_next_nodes = PPPOE_CP_N_NEXT,
   .next_nodes = {
 #define _(s,n) [PPPOE_CP_NEXT_##s] = n,

diff --git a/src/plugins/pppoe/pppoe_decap.c b/src/plugins/pppoe/pppoe_decap.c
index 256dd83..d3f4a5f 100644 (file)
--- a/src/plugins/pppoe/pppoe_decap.c
+++ b/src/plugins/pppoe/pppoe_decap.c
@@ -390,12 +390,14 @@ VLIB_NODE_FN (pppoe_input_node) (vlib_main_t * vm,
   return from_frame->n_vectors;
 }
 
-static char * pppoe_error_strings[] = {
+#ifndef CLIB_MARCH_VARIANT
+char * pppoe_error_strings[] = {
 #define pppoe_error(n,s) s,
 #include <pppoe/pppoe_error.def>
 #undef pppoe_error
 #undef _
 };
+#endif /* CLIB_MARCH_VARIANT */
 
 VLIB_REGISTER_NODE (pppoe_input_node) = {
   .name = "pppoe-input",