From f177a83efca0db4757a89e797f233f19b81e1255 Mon Sep 17 00:00:00 2001
From: Donald Sharp <sharpd@cumulusnetworks.com>
Date: Sat, 18 Jul 2020 09:45:08 -0400
Subject: [PATCH 1/2] zebra: Possible write beyond buffer length

Prevent string manipulation where we might have data
passed into that is larger than the buffer we are pushing into.

Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
---
 zebra/zebra_netns_notify.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/zebra/zebra_netns_notify.c b/zebra/zebra_netns_notify.c
index 4e504c48b0..995fa6fb5a 100644
--- a/zebra/zebra_netns_notify.c
+++ b/zebra/zebra_netns_notify.c
@@ -185,7 +185,7 @@ static bool zebra_ns_notify_is_default_netns(const char *name)
 {
 	struct stat default_netns_stat;
 	struct stat st;
-	char netnspath[64];
+	char netnspath[PATH_MAX];
 
 	if (zebra_ns_notify_self_identify(&default_netns_stat))
 		return false;

From d76c38ade314bcdc58c2ff69f3b9c80ddf2293d2 Mon Sep 17 00:00:00 2001
From: Donald Sharp <sharpd@cumulusnetworks.com>
Date: Sat, 18 Jul 2020 09:46:06 -0400
Subject: [PATCH 2/2] pimd: Prevent Null string %s issues

There are couple spots where group may be NULL and
when we output strings associated with it we should
ensure we are not doing something stupid.

Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
---
 pimd/pim_cmd.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/pimd/pim_cmd.c b/pimd/pim_cmd.c
index 6ede015a0e..db3f0b8b23 100644
--- a/pimd/pim_cmd.c
+++ b/pimd/pim_cmd.c
@@ -6784,12 +6784,13 @@ static int pim_rp_cmd_worker(struct pim_instance *pim, struct vty *vty,
 
 	if (result == PIM_GROUP_BAD_ADDR_MASK_COMBO) {
 		vty_out(vty, "%% Inconsistent address and mask: %s\n",
-			group);
+			group ? group : "No Group Address");
 		return CMD_WARNING_CONFIG_FAILED;
 	}
 
 	if (result == PIM_GROUP_BAD_ADDRESS) {
-		vty_out(vty, "%% Bad group address specified: %s\n", group);
+		vty_out(vty, "%% Bad group address specified: %s\n",
+			group ? group : "No Group Address");
 		return CMD_WARNING_CONFIG_FAILED;
 	}
 
@@ -7158,7 +7159,8 @@ static int pim_no_rp_cmd_worker(struct pim_instance *pim, struct vty *vty,
 	int result = pim_rp_del_config(pim, rp, group, plist);
 
 	if (result == PIM_GROUP_BAD_ADDRESS) {
-		vty_out(vty, "%% Bad group address specified: %s\n", group);
+		vty_out(vty, "%% Bad group address specified: %s\n",
+			group ? group : "No Group Address");
 		return CMD_WARNING_CONFIG_FAILED;
 	}