mirror of
https://git.proxmox.com/git/mirror_frr
synced 2025-08-14 08:50:26 +00:00
pbrd: remove unsafe string copy
A user could overflow the pbr_ifp->mapname buffer by entering a pbr-map name longer than 100 characters. Coverity #1467821 Coverity #1467821 Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
This commit is contained in:
parent
6898d846c5
commit
5f504f14a9
@ -322,27 +322,20 @@ DEFPY (pbr_policy,
|
||||
|
||||
if (no) {
|
||||
if (strcmp(pbr_ifp->mapname, mapname) == 0) {
|
||||
strcpy(pbr_ifp->mapname, "");
|
||||
|
||||
pbr_ifp->mapname[0] = '\0';
|
||||
if (pbrm)
|
||||
pbr_map_interface_delete(pbrm, ifp);
|
||||
}
|
||||
} else {
|
||||
if (strcmp(pbr_ifp->mapname, "") == 0) {
|
||||
strcpy(pbr_ifp->mapname, mapname);
|
||||
|
||||
if (pbrm)
|
||||
pbr_map_add_interface(pbrm, ifp);
|
||||
} else {
|
||||
if (!(strcmp(pbr_ifp->mapname, mapname) == 0)) {
|
||||
old_pbrm = pbrm_find(pbr_ifp->mapname);
|
||||
if (old_pbrm)
|
||||
pbr_map_interface_delete(old_pbrm, ifp);
|
||||
strcpy(pbr_ifp->mapname, mapname);
|
||||
if (pbrm)
|
||||
pbr_map_add_interface(pbrm, ifp);
|
||||
}
|
||||
if (strcmp(pbr_ifp->mapname, "") != 0) {
|
||||
old_pbrm = pbrm_find(pbr_ifp->mapname);
|
||||
if (old_pbrm)
|
||||
pbr_map_interface_delete(old_pbrm, ifp);
|
||||
}
|
||||
snprintf(pbr_ifp->mapname, sizeof(pbr_ifp->mapname),
|
||||
"%s", mapname);
|
||||
if (pbrm)
|
||||
pbr_map_add_interface(pbrm, ifp);
|
||||
}
|
||||
|
||||
return CMD_SUCCESS;
|
||||
|
Loading…
Reference in New Issue
Block a user