tap: fix memory errors with create/delete API

CLI allocates vectors consumed by tap_create_if(), whereas API pass
null-terminated C-strings allocated on API segment.
Do not try to be too clever here, and just allocate our own private
copies.

Type: fix
Fixes: 8d879e1a6bac47240a232893e914815f781fd4bf
Ticket: VPP-1724

Change-Id: I3ccdb8e0fcd4cb9be414af9f38cf6c33931a1db7
Signed-off-by: Benoît Ganne <bganne@cisco.com>

diff --git a/src/vnet/devices/tap/tap.c b/src/vnet/devices/tap/tap.c
index 38ac0f9..c090bed 100644 (file)
--- a/src/vnet/devices/tap/tap.c
+++ b/src/vnet/devices/tap/tap.c
@@ -208,7 +208,7 @@ tap_create_if (vlib_main_t * vm, tap_create_if_args_t * args)
   vif->ifindex = if_nametoindex (ifr.ifr_ifrn.ifrn_name);
 
   if (!args->host_if_name)
-    args->host_if_name = format (0, "%s", ifr.ifr_ifrn.ifrn_name);
+    args->host_if_name = (void *) ifr.ifr_ifrn.ifrn_name;
 
   unsigned int offload = 0;
   hdrsz = sizeof (struct virtio_net_hdr_v1);
@@ -413,12 +413,9 @@ tap_create_if (vlib_main_t * vm, tap_create_if_args_t * args)
 
   clib_memcpy (vif->mac_addr, args->mac_addr, 6);
 
-  vif->host_if_name = args->host_if_name;
-  args->host_if_name = 0;
-  vif->net_ns = args->host_namespace;
-  args->host_namespace = 0;
-  vif->host_bridge = args->host_bridge;
-  args->host_bridge = 0;
+  vif->host_if_name = format (0, "%s%c", args->host_if_name, 0);
+  vif->net_ns = format (0, "%s%c", args->host_namespace, 0);
+  vif->host_bridge = format (0, "%s%c", args->host_bridge, 0);
   vif->host_mtu_size = args->host_mtu_size;
   clib_memcpy (vif->host_mac_addr, args->host_mac_addr, 6);
   vif->host_ip4_prefix_len = args->host_ip4_prefix_len;
@@ -490,6 +487,11 @@ error:
                                                               TX_QUEUE (i));
   vec_free (vif->rxq_vrings);
   vec_free (vif->txq_vrings);
+
+  vec_free (vif->host_if_name);
+  vec_free (vif->net_ns);
+  vec_free (vif->host_bridge);
+
   clib_memset (vif, 0, sizeof (virtio_if_t));
   pool_put (vim->interfaces, vif);