String type: Fix off by one error

String is not sent nul terminated across API.
The hardest two problems in computer science is cache invalidation
naming and off by one errors.

Change-Id: I36f1952ca955cb2d9dfb4c8120ec48c50ba17991
Signed-off-by: Ole Troan <ot@cisco.com>

diff --git a/src/vat/api_format.c b/src/vat/api_format.c
index 25d2dd3..f7e0767 100644 (file)
--- a/src/vat/api_format.c
+++ b/src/vat/api_format.c
@@ -6360,7 +6360,7 @@ exec_inband (vat_main_t * vam)
    */
   u32 len = vec_len (vam->input->buffer);
   M2 (CLI_INBAND, mp, len);
-  vl_api_to_api_string (len, (const char *) vam->input->buffer, &mp->cmd);
+  vl_api_to_api_string (len - 1, (const char *) vam->input->buffer, &mp->cmd);
 
   S (mp);
   W (ret);

diff --git a/src/vlibapi/api_types.h b/src/vlibapi/api_types.h
index 759298e..ffcd24d 100644 (file)
--- a/src/vlibapi/api_types.h
+++ b/src/vlibapi/api_types.h
@@ -32,13 +32,12 @@ typedef struct
 static inline int
 vl_api_to_api_string (u32 len, const char *buf, vl_api_string_t * str)
 {
-  if (strncpy_s ((char *) str->buf, len, buf, len - 1) != 0)
-    len = 0;
+  clib_memcpy(str->buf, buf, len);
   str->length = clib_host_to_net_u32 (len);
   return len + sizeof (u32);
 }
 
-/* Return a C string from API string */
+/* Return a pointer to the API string (not nul terminated */
 static inline u8 *
 vl_api_from_api_string (vl_api_string_t * astr)
 {

diff --git a/src/vpp/api/api.c b/src/vpp/api/api.c
index 1f376dc..8e2e4cd 100644 (file)
--- a/src/vpp/api/api.c
+++ b/src/vpp/api/api.c
@@ -219,7 +219,8 @@ vl_api_cli_inband_t_handler (vl_api_cli_inband_t * mp)
   u8 *out_vec = 0;
   u32 len = 0;
 
-  if (vl_msg_api_get_msg_length (mp) < vl_api_string_len (&mp->cmd))
+  if (vl_msg_api_get_msg_length (mp) <
+      vl_api_string_len (&mp->cmd) + sizeof (*mp))
     {
       rv = -1;
       goto error;