From 3491d7f1d05ee5e05ebf0f6129d54c5ca85e22cf Mon Sep 17 00:00:00 2001 From: Gabriel Ganne Date: Thu, 19 Oct 2017 15:10:46 +0200 Subject: [PATCH] null-terminate some formatted string Any u8* variable created by format() is NOT null-terminated. Add the null terminating byte with vec_terminate_c_string(). If that variable is used by (at least) hash_get_mem(), then it needs to be null-terminated, as it will go through string_key_sum() which makes a call to strlen. Change-Id: I4e51e1b6668f557e53af3bb897cd281598eedbc0 Signed-off-by: Gabriel Ganne --- src/vnet/lisp-cp/lisp_api.c | 6 ++++++ src/vnet/lisp-cp/one_api.c | 7 +++++++ src/vnet/policer/policer_api.c | 2 ++ src/vpp/api/api.c | 4 ++++ 4 files changed, 19 insertions(+) diff --git a/src/vnet/lisp-cp/lisp_api.c b/src/vnet/lisp-cp/lisp_api.c index 3053611c611..cb2eb0d9171 100644 --- a/src/vnet/lisp-cp/lisp_api.c +++ b/src/vnet/lisp-cp/lisp_api.c @@ -130,6 +130,7 @@ vl_api_lisp_add_del_locator_set_t_handler (vl_api_lisp_add_del_locator_set_t * mp->locator_set_name[63] = 0; locator_name = format (0, "%s", mp->locator_set_name); + vec_terminate_c_string (locator_name); a->name = locator_name; a->is_add = mp->is_add; @@ -185,6 +186,7 @@ vl_api_lisp_add_del_locator_t_handler (vl_api_lisp_add_del_locator_t * mp) mp->locator_set_name[63] = 0; locator_name = format (0, "%s", mp->locator_set_name); + vec_terminate_c_string (locator_name); a->name = locator_name; a->locators = locators; @@ -252,6 +254,7 @@ vl_api_lisp_add_del_local_eid_t_handler (vl_api_lisp_add_del_local_eid_t * mp) mp->locator_set_name[63] = 0; name = format (0, "%s", mp->locator_set_name); + vec_terminate_c_string (name); p = hash_get_mem (lcm->locator_set_index_by_name, name); if (!p) { @@ -393,6 +396,7 @@ vl_api_lisp_pitr_set_locator_set_t_handler (vl_api_lisp_pitr_set_locator_set_t u8 *ls_name = 0; ls_name = format (0, "%s", mp->ls_name); + vec_terminate_c_string (ls_name); rv = vnet_lisp_pitr_set_locator_set (ls_name, mp->is_add); vec_free (ls_name); 
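Review bot: In vl_api_lisp_pitr_set_locator_set_t_handler (hunk at -393) the source field is still read with `%s` without being bounded first: the visible lines go straight from `u8 *ls_name = 0;` to `format (0, "%s", mp->ls_name)`. If a client message carries an ls_name with no NUL inside the field, format() reads past the field, and terminating the resulting vector afterwards does not help. Add `mp->ls_name[sizeof (mp->ls_name) - 1] = 0;` before the format call, as vl_api_lisp_locator_dump_t_handler already does. The same applies to vl_api_one_nsh_set_locator_set_t_handler and vl_api_one_pitr_set_locator_set_t_handler in one_api.c, and to `mp->name` in vl_api_policer_add_del_t_handler. The other one_api.c handlers show no such line in their context either, but their bodies start outside the hunks, so that needs confirming against the full functions.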
@@ -481,6 +485,7 @@ static void mp->locator_set_name[63] = 0; locator_set_name = format (0, "%s", mp->locator_set_name); + vec_terminate_c_string (locator_set_name); a->is_add = mp->is_add; a->locator_set_name = locator_set_name; @@ -627,6 +632,7 @@ vl_api_lisp_locator_dump_t_handler (vl_api_lisp_locator_dump_t * mp) /* make sure we get a proper C-string */ mp->ls_name[sizeof (mp->ls_name) - 1] = 0; ls_name = format (0, "%s", mp->ls_name); + vec_terminate_c_string (ls_name); p = hash_get_mem (lcm->locator_set_index_by_name, ls_name); if (!p) goto out; diff --git a/src/vnet/lisp-cp/one_api.c b/src/vnet/lisp-cp/one_api.c index e3a2afe78cf..c9b5dca3aff 100644 --- a/src/vnet/lisp-cp/one_api.c +++ b/src/vnet/lisp-cp/one_api.c @@ -203,6 +203,7 @@ vl_api_one_add_del_locator_set_t_handler (vl_api_one_add_del_locator_set_t * memset (a, 0, sizeof (a[0])); locator_name = format (0, "%s", mp->locator_set_name); + vec_terminate_c_string (locator_name); a->name = locator_name; a->is_add = mp->is_add; @@ -257,6 +258,7 @@ vl_api_one_add_del_locator_t_handler (vl_api_one_add_del_locator_t * mp) vec_add1 (locators, locator); locator_name = format (0, "%s", mp->locator_set_name); + vec_terminate_c_string (locator_name); a->name = locator_name; a->locators = locators; @@ -343,6 +345,7 @@ vl_api_one_add_del_local_eid_t_handler (vl_api_one_add_del_local_eid_t * mp) } name = format (0, "%s", mp->locator_set_name); + vec_terminate_c_string (name); p = hash_get_mem (lcm->locator_set_index_by_name, name); if (!p) { @@ -483,6 +486,7 @@ vl_api_one_nsh_set_locator_set_t_handler (vl_api_one_nsh_set_locator_set_t u8 *ls_name = 0; ls_name = format (0, "%s", mp->ls_name); + vec_terminate_c_string (ls_name); rv = vnet_lisp_nsh_set_locator_set (ls_name, mp->is_add); vec_free (ls_name); 
@@ -498,6 +502,7 @@ vl_api_one_pitr_set_locator_set_t_handler (vl_api_one_pitr_set_locator_set_t u8 *ls_name = 0; ls_name = format (0, "%s", mp->ls_name); + vec_terminate_c_string (ls_name); rv = vnet_lisp_pitr_set_locator_set (ls_name, mp->is_add); vec_free (ls_name); @@ -585,6 +590,7 @@ static void vnet_lisp_add_del_mreq_itr_rloc_args_t _a, *a = &_a; locator_set_name = format (0, "%s", mp->locator_set_name); + vec_terminate_c_string (locator_set_name); a->is_add = mp->is_add; a->locator_set_name = locator_set_name; @@ -728,6 +734,7 @@ vl_api_one_locator_dump_t_handler (vl_api_one_locator_dump_t * mp) /* make sure we get a proper C-string */ mp->ls_name[sizeof (mp->ls_name) - 1] = 0; ls_name = format (0, "%s", mp->ls_name); + vec_terminate_c_string (ls_name); p = hash_get_mem (lcm->locator_set_index_by_name, ls_name); if (!p) goto out; diff --git a/src/vnet/policer/policer_api.c b/src/vnet/policer/policer_api.c index 3dc2cdd6a0a..686ed508a59 100644 --- a/src/vnet/policer/policer_api.c +++ b/src/vnet/policer/policer_api.c @@ -58,6 +58,7 @@ vl_api_policer_add_del_t_handler (vl_api_policer_add_del_t * mp) u32 policer_index; name = format (0, "%s", mp->name); + vec_terminate_c_string (name); memset (&cfg, 0, sizeof (cfg)); cfg.rfc = mp->type; @@ -152,6 +153,7 @@ vl_api_policer_dump_t_handler (vl_api_policer_dump_t * mp) if (mp->match_name_valid) { match_name = format (0, "%s%c", mp->match_name, 0); + vec_terminate_c_string (match_name); } if (mp->match_name_valid) diff --git a/src/vpp/api/api.c b/src/vpp/api/api.c index 7350936d061..36953aec623 100644 --- a/src/vpp/api/api.c +++ b/src/vpp/api/api.c @@ -1805,6 +1805,7 @@ vl_api_pg_capture_t_handler (vl_api_pg_capture_t * mp) vnet_hw_interface_t *hi = 0; u8 *intf_name = format (0, "pg%d", ntohl (mp->interface_id), 0); + vec_terminate_c_string (intf_name); u32 hw_if_index = ~0; uword *p = hash_get_mem (im->hw_interface_by_name, intf_name); if (p) 
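Review bot: The added `vec_terminate_c_string (match_name);` in vl_api_policer_dump_t_handler follows a format call that already appends the terminator itself (`"%s%c", mp->match_name, 0`), so the vector is NUL-terminated before the new call runs. Depending on how vec_terminate_c_string is defined (not visible here), the call is either a no-op or appends a second zero byte, so one of the two mechanisms is redundant. Keep a single idiom per call site, for example `match_name = format (0, "%s", mp->match_name);` followed by the new call. The same duplication is introduced for arc_name and feature_name in vl_api_feature_enable_disable_t_handler in src/vpp/api/api.c.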
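Review bot: `format (0, "pg%d", ntohl (mp->interface_id), 0)` in vl_api_pg_capture_t_handler passes a trailing `0` with no matching conversion in the format string, which looks like a leftover from an intended `"pg%d%c"`. Now that the terminator comes from `vec_terminate_c_string (intf_name);`, the extra argument can be dropped: `u8 *intf_name = format (0, "pg%d", ntohl (mp->interface_id));`. The handler body continues outside the hunk.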
@@ -2109,6 +2110,9 @@ vl_api_feature_enable_disable_t_handler (vl_api_feature_enable_disable_t * mp) u8 *arc_name = format (0, "%s%c", mp->arc_name, 0); u8 *feature_name = format (0, "%s%c", mp->feature_name, 0); + vec_terminate_c_string (arc_name); + vec_terminate_c_string (feature_name); + vnet_feature_registration_t *reg = vnet_get_feature_reg ((const char *) arc_name, (const char *) feature_name); -- 2.16.6