proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-08-14 08:50:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

pbrd: remove unsafe string copy

Browse Source 
A user could overflow the pbr_ifp->mapname buffer by entering a pbr-map
name longer than 100 characters.

Coverity #1467821
Coverity #1467821

Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
This commit is contained in:
Quentin Young 2018-04-17 16:55:59 -04:00
parent 6898d846c5
commit 5f504f14a9
1 changed files with 9 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
pbrd/pbr_vty.c
View File

@ -322,27 +322,20 @@ DEFPY (pbr_policy,
if (no) {
if (strcmp(pbr_ifp->mapname, mapname) == 0) {
strcpy(pbr_ifp->mapname, "");
pbr_ifp->mapname[0] = '\0';
if (pbrm)
pbr_map_interface_delete(pbrm, ifp);
}
} else {
if (strcmp(pbr_ifp->mapname, "") == 0) {
strcpy(pbr_ifp->mapname, mapname);
if (pbrm)
pbr_map_add_interface(pbrm, ifp);
} else {
if (!(strcmp(pbr_ifp->mapname, mapname) == 0)) {
old_pbrm = pbrm_find(pbr_ifp->mapname);
if (old_pbrm)
pbr_map_interface_delete(old_pbrm, ifp);
strcpy(pbr_ifp->mapname, mapname);
if (pbrm)
pbr_map_add_interface(pbrm, ifp);
}
if (strcmp(pbr_ifp->mapname, "") != 0) {
old_pbrm = pbrm_find(pbr_ifp->mapname);
if (old_pbrm)
pbr_map_interface_delete(old_pbrm, ifp);
}
snprintf(pbr_ifp->mapname, sizeof(pbr_ifp->mapname),
"%s", mapname);
if (pbrm)
pbr_map_add_interface(pbrm, ifp);
}
return CMD_SUCCESS;