linux-cp: fix vector-used-a-C-string overflow

lip_host_name is a non-NULL terminated vector, not a NULL-terminated
C-string.

Type: fix

Change-Id: Ie5da59bc5680be72251904467d77b18263c882f8
Signed-off-by: Benoît Ganne <bganne@cisco.com>

diff --git a/src/plugins/linux-cp/lcp_api.c b/src/plugins/linux-cp/lcp_api.c
index 409aa72..a6e14a7 100644 (file)
--- a/src/plugins/linux-cp/lcp_api.c
+++ b/src/plugins/linux-cp/lcp_api.c
@@ -120,9 +120,8 @@ send_lcp_itf_pair_details (index_t lipi, vl_api_registration_t *rp,
       rmp->vif_index = lcp_pair->lip_vif_index;
       rmp->host_if_type = api_encode_host_type (lcp_pair->lip_host_type);
 
-      clib_strncpy ((char *) rmp->host_if_name,
-                   (char *) lcp_pair->lip_host_name,
-                   vec_len (lcp_pair->lip_host_name) - 1);
+      memcpy_s (rmp->host_if_name, sizeof (rmp->host_if_name),
+               lcp_pair->lip_host_name, vec_len (lcp_pair->lip_host_name));
 
       clib_strncpy ((char *) rmp->namespace, (char *) lcp_pair->lip_namespace,
                    vec_len (lcp_pair->lip_namespace));

diff --git a/src/plugins/linux-cp/lcp_interface.c b/src/plugins/linux-cp/lcp_interface.c
index 534d974..0dcac48 100644 (file)
--- a/src/plugins/linux-cp/lcp_interface.c
+++ b/src/plugins/linux-cp/lcp_interface.c
@@ -88,7 +88,7 @@ format_lcp_itf_pair (u8 *s, va_list *args)
   else
     s = format (s, " %U", format_vnet_sw_interface_name, vnm, swif_host);
 
-  s = format (s, " %s %d type %s", lip->lip_host_name, lip->lip_vif_index,
+  s = format (s, " %v %d type %s", lip->lip_host_name, lip->lip_vif_index,
              (lip->lip_host_type == LCP_ITF_HOST_TAP) ? "tap" : "tun");
 
   if (lip->lip_namespace)