NAT: VPP-1665 coverity scan issue fix

Change-Id: I092a9f8237a895f907590772f2ea213a86502fb4
Signed-off-by: Filip Varga <fivarga@cisco.com>

diff --git a/src/plugins/nat/nat_api.c b/src/plugins/nat/nat_api.c
index 5c6d957..1dad4e4 100644 (file)
--- a/src/plugins/nat/nat_api.c
+++ b/src/plugins/nat/nat_api.c
@@ -1190,6 +1190,14 @@ static void
       goto send_reply;
     }
 
+  len = vl_api_string_len (&mp->tag);
+
+  if (len > 64)
+    {
+      rv = VNET_API_ERROR_INVALID_VALUE;
+      goto send_reply;
+    }
+
   memcpy (&local_addr.as_u8, mp->local_ip_address, 4);
   memcpy (&external_addr.as_u8, mp->external_ip_address, 4);
 
@@ -1208,9 +1216,8 @@ static void
   else if (mp->flags & NAT_API_IS_SELF_TWICE_NAT)
     twice_nat = TWICE_NAT_SELF;
 
-  len = vl_api_string_len (&mp->tag);
-
   tag = vec_new (u8, len);
+
   memcpy (tag, mp->tag.buf, len);
   vec_terminate_c_string (tag);