bgpd, zebra: remove strcpy, strlen and sprintf calls

Replace with safe copy functions - strlcpy, strlcat, strnlen and
snprintf.

Signed-off-by: Anuradha Karuppiah <anuradhak@cumulusnetworks.com>

bgpd/bgp_evpn_mh.c

@@ -1342,7 +1342,8 @@ static void bgp_evpn_es_local_info_set(struct bgp *bgp, struct bgp_evpn_es *es)
 	bf_assign_index(bm->rd_idspace, es->rd_id);
 	es->prd.family = AF_UNSPEC;
 	es->prd.prefixlen = 64;
-	sprintf(buf, "%s:%hu", inet_ntoa(bgp->router_id), es->rd_id);
+	snprintf(buf, sizeof(buf), "%s:%hu", inet_ntoa(bgp->router_id),
+		 es->rd_id);
 	(void)str2prefix_rd(buf, &es->prd);
 }
 
@@ -1551,7 +1552,8 @@ int bgp_evpn_local_es_add(struct bgp *bgp, esi_t *esi,
 	return 0;
 }
 
-static char *bgp_evpn_es_vteps_str(char *vtep_str, struct bgp_evpn_es *es)
+static char *bgp_evpn_es_vteps_str(char *vtep_str, struct bgp_evpn_es *es,
+				   uint8_t vtep_str_size)
 {
 	char vtep_flag_str[BGP_EVPN_FLAG_STR_SZ];
 	struct listnode *node;
@@ -1562,22 +1564,20 @@ static char *bgp_evpn_es_vteps_str(char *vtep_str, struct bgp_evpn_es *es)
 	for (ALL_LIST_ELEMENTS_RO(es->es_vtep_list, node, es_vtep)) {
 		vtep_flag_str[0] = '\0';
 		if (es_vtep->flags & BGP_EVPNES_VTEP_ESR)
-			strcpy(vtep_flag_str + strlen(vtep_flag_str), "E");
+			strlcat(vtep_flag_str, "E", sizeof(vtep_flag_str));
 		if (es_vtep->flags & BGP_EVPNES_VTEP_ACTIVE)
-			strcpy(vtep_flag_str + strlen(vtep_flag_str), "A");
+			strlcat(vtep_flag_str, "A", sizeof(vtep_flag_str));
 
 		if (!strlen(vtep_flag_str))
-			strcpy(vtep_flag_str, "-");
-		if (first) {
+			strlcat(vtep_flag_str, "-", sizeof(vtep_flag_str));
+		if (first)
 			first = false;
-			sprintf(vtep_str + strlen(vtep_str), "%s(%s)",
-					inet_ntoa(es_vtep->vtep_ip),
-					vtep_flag_str);
-		} else {
-			sprintf(vtep_str + strlen(vtep_str), ",%s(%s)",
-					inet_ntoa(es_vtep->vtep_ip),
-					vtep_flag_str);
-		}
+		else
+			strlcat(vtep_str, ",", vtep_str_size);
+		strlcat(vtep_str, inet_ntoa(es_vtep->vtep_ip), vtep_str_size);
+		strlcat(vtep_str, "(", vtep_str_size);
+		strlcat(vtep_str, vtep_flag_str, vtep_str_size);
+		strlcat(vtep_str, ")", vtep_str_size);
 	}
 
 	return vtep_str;
@@ -1653,18 +1653,18 @@ static void bgp_evpn_es_show_entry(struct vty *vty,
 
 		type_str[0] = '\0';
 		if (es->flags & BGP_EVPNES_LOCAL)
-			strcpy(type_str + strlen(type_str), "L");
+			strlcat(type_str, "L", sizeof(type_str));
 		if (es->flags & BGP_EVPNES_REMOTE)
-			strcpy(type_str + strlen(type_str), "R");
+			strlcat(type_str, "R", sizeof(type_str));
 		if (es->inconsistencies)
-			strcpy(type_str + strlen(type_str), "I");
+			strlcat(type_str, "I", sizeof(type_str));
 
-		bgp_evpn_es_vteps_str(vtep_str, es);
+		bgp_evpn_es_vteps_str(vtep_str, es, sizeof(vtep_str));
 
 		if (es->flags & BGP_EVPNES_LOCAL)
 			prefix_rd2str(&es->prd, buf1, sizeof(buf1));
 		else
-			strcpy(buf1, "-");
+			strlcpy(buf1, "-", sizeof(buf1));
 
 		vty_out(vty, "%-30s %-5s %-21s %-8d %s\n",
 				es->esi_str, type_str, buf1,
@@ -1712,18 +1712,18 @@ static void bgp_evpn_es_show_entry_detail(struct vty *vty,
 
 		type_str[0] = '\0';
 		if (es->flags & BGP_EVPNES_LOCAL)
-			strcpy(type_str + strlen(type_str), "L");
+			strlcat(type_str, "L", sizeof(type_str));
 		if (es->flags & BGP_EVPNES_REMOTE)
-			strcpy(type_str + strlen(type_str), "R");
+			strlcat(type_str, "R", sizeof(type_str));
 
-		bgp_evpn_es_vteps_str(vtep_str, es);
+		bgp_evpn_es_vteps_str(vtep_str, es, sizeof(vtep_str));
 		if (!strlen(vtep_str))
-			strcpy(vtep_str, "-");
+			strlcpy(buf1, "-", sizeof(buf1));
 
 		if (es->flags & BGP_EVPNES_LOCAL)
 			prefix_rd2str(&es->prd, buf1, sizeof(buf1));
 		else
-			strcpy(buf1, "-");
+			strlcpy(buf1, "-", sizeof(buf1));
 
 		vty_out(vty, "ESI: %s\n", es->esi_str);
 		vty_out(vty, " Type: %s\n", type_str);
@@ -1738,10 +1738,10 @@ static void bgp_evpn_es_show_entry_detail(struct vty *vty,
 		if (es->inconsistencies) {
 			incons_str[0] = '\0';
 			if (es->inconsistencies & BGP_EVPNES_INCONS_VTEP_LIST)
-				strcpy(incons_str + strlen(incons_str),
-						"vni-vtep-mismatch");
+				strlcat(incons_str, "vni-vtep-mismatch",
+					sizeof(incons_str));
 		} else {
-			strcpy(incons_str, "-");
+			strlcpy(incons_str, "-", sizeof(incons_str));
 		}
 		vty_out(vty, " Inconsistencies: %s\n",
 				incons_str);
@@ -2387,7 +2387,8 @@ void bgp_evpn_vni_es_cleanup(struct bgpevpn *vpn)
 }
 
 static char *bgp_evpn_es_evi_vteps_str(char *vtep_str,
-		struct bgp_evpn_es_evi *es_evi)
+				       struct bgp_evpn_es_evi *es_evi,
+				       uint8_t vtep_str_size)
 {
 	char vtep_flag_str[BGP_EVPN_FLAG_STR_SZ];
 	struct listnode *node;
@@ -2398,22 +2399,20 @@ static char *bgp_evpn_es_evi_vteps_str(char *vtep_str,
 	for (ALL_LIST_ELEMENTS_RO(es_evi->es_evi_vtep_list, node, evi_vtep)) {
 		vtep_flag_str[0] = '\0';
 		if (evi_vtep->flags & BGP_EVPN_EVI_VTEP_EAD_PER_ES)
-			strcpy(vtep_flag_str + strlen(vtep_flag_str), "E");
+			strlcat(vtep_flag_str, "E", sizeof(vtep_flag_str));
 		if (evi_vtep->flags & BGP_EVPN_EVI_VTEP_EAD_PER_EVI)
-			strcpy(vtep_flag_str + strlen(vtep_flag_str), "V");
+			strlcat(vtep_flag_str, "V", sizeof(vtep_flag_str));
 
-		if (!strlen(vtep_flag_str))
-			strcpy(vtep_flag_str, "-");
-		if (first) {
+		if (!strnlen(vtep_flag_str, sizeof(vtep_flag_str)))
+			strlcpy(vtep_flag_str, "-", sizeof(vtep_flag_str));
+		if (first)
 			first = false;
-			sprintf(vtep_str + strlen(vtep_str), "%s(%s)",
-					inet_ntoa(evi_vtep->vtep_ip),
-					vtep_flag_str);
-		} else {
-			sprintf(vtep_str + strlen(vtep_str), ",%s(%s)",
-					inet_ntoa(evi_vtep->vtep_ip),
-					vtep_flag_str);
-		}
+		else
+			strlcat(vtep_str, ",", vtep_str_size);
+		strlcat(vtep_str, inet_ntoa(evi_vtep->vtep_ip), vtep_str_size);
+		strlcat(vtep_str, "(", vtep_str_size);
+		strlcat(vtep_str, vtep_flag_str, vtep_str_size);
+		strlcat(vtep_str, ")", vtep_str_size);
 	}
 
 	return vtep_str;
@@ -2483,13 +2482,13 @@ static void bgp_evpn_es_evi_show_entry(struct vty *vty,
 
 		type_str[0] = '\0';
 		if (es_evi->flags & BGP_EVPNES_EVI_LOCAL)
-			strcpy(type_str + strlen(type_str), "L");
+			strlcat(type_str, "L", sizeof(type_str));
 		if (es_evi->flags & BGP_EVPNES_EVI_REMOTE)
-			strcpy(type_str + strlen(type_str), "R");
+			strlcat(type_str, "R", sizeof(type_str));
 		if (es_evi->flags & BGP_EVPNES_EVI_INCONS_VTEP_LIST)
-			strcpy(type_str + strlen(type_str), "I");
+			strlcat(type_str, "I", sizeof(type_str));
 
-		bgp_evpn_es_evi_vteps_str(vtep_str, es_evi);
+		bgp_evpn_es_evi_vteps_str(vtep_str, es_evi, sizeof(vtep_str));
 
 		vty_out(vty, "%-8d %-30s %-5s %s\n",
 				es_evi->vpn->vni, es_evi->es->esi_str,
@@ -2516,13 +2515,13 @@ static void bgp_evpn_es_evi_show_entry_detail(struct vty *vty,
 
 		type_str[0] = '\0';
 		if (es_evi->flags & BGP_EVPNES_EVI_LOCAL)
-			strcpy(type_str + strlen(type_str), "L");
+			strlcat(type_str, "L", sizeof(type_str));
 		if (es_evi->flags & BGP_EVPNES_EVI_REMOTE)
-			strcpy(type_str + strlen(type_str), "R");
+			strlcat(type_str, "R", sizeof(type_str));
 
-		bgp_evpn_es_evi_vteps_str(vtep_str, es_evi);
+		bgp_evpn_es_evi_vteps_str(vtep_str, es_evi, sizeof(vtep_str));
 		if (!strlen(vtep_str))
-			strcpy(vtep_str, "-");
+			strlcpy(vtep_str, "-", sizeof(type_str));
 
 		vty_out(vty, "VNI: %d ESI: %s\n",
 				es_evi->vpn->vni, es_evi->es->esi_str);

zebra/rt_netlink.c

@@ -3989,11 +3989,13 @@ static int netlink_fdb_nhg_update(uint32_t nhg_id, uint32_t nh_cnt,
 
 	if (IS_ZEBRA_DEBUG_KERNEL || IS_ZEBRA_DEBUG_EVPN_MH_NH) {
 		char vtep_str[ES_VTEP_LIST_STR_SZ];
+		char nh_buf[16];
 
 		vtep_str[0] = '\0';
 		for (i = 0; i < nh_cnt; ++i) {
-			sprintf(vtep_str + strlen(vtep_str), "0x%x ",
+			snprintf(nh_buf, sizeof(nh_buf), "%u ",
 					grp[i].id);
+			strlcat(vtep_str, nh_buf, sizeof(vtep_str));
 		}
 
 		zlog_debug("Tx %s fdb-nhg 0x%x %s",

zebra/zebra_evpn_mh.c

@@ -260,7 +260,7 @@ static void zebra_evpn_es_evi_show_entry(struct vty *vty,
 	} else {
 		type_str[0] = '\0';
 		if (es_evi->flags & ZEBRA_EVPNES_EVI_LOCAL)
-			strcpy(type_str + strlen(type_str), "L");
+			strlcat(type_str, "L", sizeof(type_str));
 
 		vty_out(vty, "%-8d %-30s %-4s\n",
 				es_evi->zvni->vni, es_evi->es->esi_str,
@@ -278,7 +278,7 @@ static void zebra_evpn_es_evi_show_entry_detail(struct vty *vty,
 	} else {
 		type_str[0] = '\0';
 		if (es_evi->flags & ZEBRA_EVPNES_EVI_LOCAL)
-			strcpy(type_str + strlen(type_str), "L");
+			strlcat(type_str, "L", sizeof(type_str));
 
 		vty_out(vty, "VNI %d ESI: %s\n",
 				es_evi->zvni->vni, es_evi->es->esi_str);
@@ -877,11 +877,14 @@ static void zebra_evpn_nhg_update(struct zebra_evpn_es *es)
 		if (IS_ZEBRA_DEBUG_EVPN_MH_NH) {
 			char nh_str[ES_VTEP_LIST_STR_SZ];
 			uint32_t i;
+			char nh_buf[16];
 
 			nh_str[0] = '\0';
-			for (i = 0; i < nh_cnt; ++i)
-				sprintf(nh_str + strlen(nh_str),
-						"0x%x ", nh_ids[i].id);
+			for (i = 0; i < nh_cnt; ++i) {
+				snprintf(nh_buf, sizeof(nh_buf), "%u ",
+					 nh_ids[i].id);
+				strlcat(nh_str, nh_buf, sizeof(nh_str));
+			}
 			zlog_debug("es %s nhg 0x%x add %s",
 					es->esi_str, es->nhg_id, nh_str);
 		}
@@ -1729,8 +1732,8 @@ void zebra_evpn_es_if_oper_state_change(struct zebra_if *zif, bool up)
 		zebra_evpn_es_send_add_to_client(es);
 }
 
-static char *zebra_evpn_es_vtep_str(char *vtep_str,
-		struct zebra_evpn_es *es)
+static char *zebra_evpn_es_vtep_str(char *vtep_str, struct zebra_evpn_es *es,
+				    uint8_t vtep_str_size)
 {
 	struct zebra_evpn_es_vtep *zvtep;
 	struct listnode	*node;
@@ -1740,11 +1743,12 @@ static char *zebra_evpn_es_vtep_str(char *vtep_str,
 	for (ALL_LIST_ELEMENTS_RO(es->es_vtep_list, node, zvtep)) {
 		if (first) {
 			first = false;
-			sprintf(vtep_str + strlen(vtep_str), "%s",
-					inet_ntoa(zvtep->vtep_ip));
+			strlcat(vtep_str, inet_ntoa(zvtep->vtep_ip),
+				vtep_str_size);
 		} else {
-			sprintf(vtep_str + strlen(vtep_str), ",%s",
-					inet_ntoa(zvtep->vtep_ip));
+			strlcat(vtep_str, ",", vtep_str_size);
+			strlcat(vtep_str, inet_ntoa(zvtep->vtep_ip),
+				vtep_str_size);
 		}
 	}
 	return vtep_str;
@@ -1761,11 +1765,11 @@ static void zebra_evpn_es_show_entry(struct vty *vty,
 	} else {
 		type_str[0] = '\0';
 		if (es->flags & ZEBRA_EVPNES_LOCAL)
-			strcpy(type_str + strlen(type_str), "L");
+			strlcat(type_str, "L", sizeof(type_str));
 		if (es->flags & ZEBRA_EVPNES_REMOTE)
-			strcpy(type_str + strlen(type_str), "R");
+			strlcat(type_str, "R", sizeof(type_str));
 
-		zebra_evpn_es_vtep_str(vtep_str, es);
+		zebra_evpn_es_vtep_str(vtep_str, es, sizeof(vtep_str));
 
 		vty_out(vty, "%-30s %-4s %-21s %s\n",
 				es->esi_str, type_str,
@@ -1786,11 +1790,11 @@ static void zebra_evpn_es_show_entry_detail(struct vty *vty,
 	} else {
 		type_str[0] = '\0';
 		if (es->flags & ZEBRA_EVPNES_LOCAL)
-			strcpy(type_str + strlen(type_str), "Local");
+			strlcat(type_str, "Local", sizeof(type_str));
 		if (es->flags & ZEBRA_EVPNES_REMOTE) {
-			if (strlen(type_str))
-				strcpy(type_str + strlen(type_str), ",");
-			strcpy(type_str + strlen(type_str), "Remote");
+			if (strnlen(type_str, sizeof(type_str)))
+				strlcat(type_str, ",", sizeof(type_str));
+			strlcat(type_str, "Remote", sizeof(type_str));
 		}
 
 		vty_out(vty, "ESI: %s\n", es->esi_str);

zebra/zebra_vxlan.c

@@ -893,9 +893,10 @@ static void zvni_print_neigh_hdr(struct vty *vty,
 		"State", "MAC", "Remote ES/VTEP", "Seq #'s");
 }
 
-static char *zvni_print_neigh_flags(zebra_neigh_t *n, char *flags_buf)
+static char *zvni_print_neigh_flags(zebra_neigh_t *n, char *flags_buf,
+		uint32_t flags_buf_sz)
 {
-	sprintf(flags_buf, "%s%s%s",
+	snprintf(flags_buf, flags_buf_sz, "%s%s%s",
 			(n->flags & ZEBRA_NEIGH_ES_PEER_ACTIVE) ?
 			"P" : "",
 			(n->flags & ZEBRA_NEIGH_ES_PEER_PROXY) ?
@@ -937,8 +938,9 @@ static void zvni_print_neigh_hash(struct hash_bucket *bucket, void *ctxt)
 		if (json_vni == NULL) {
 			vty_out(vty, "%*s %-6s %-5s %-8s %-17s %-30s %u/%u\n",
 				-wctx->addr_width, buf2, "local",
-				zvni_print_neigh_flags(n, flags_buf),
-				state_str, buf1, "", n->loc_seq, n->rem_seq);
+				zvni_print_neigh_flags(n, flags_buf,
+					sizeof(flags_buf)), state_str,
+				buf1, "", n->loc_seq, n->rem_seq);
 		} else {
 			json_object_string_add(json_row, "type", "local");
 			json_object_string_add(json_row, "state", state_str);
@@ -971,7 +973,8 @@ static void zvni_print_neigh_hash(struct hash_bucket *bucket, void *ctxt)
 				zvni_print_neigh_hdr(vty, wctx);
 			vty_out(vty, "%*s %-6s %-5s %-8s %-17s %-30s %u/%u\n",
 				-wctx->addr_width, buf2, "remote",
-				zvni_print_neigh_flags(n, flags_buf),
+				zvni_print_neigh_flags(n, flags_buf,
+					sizeof(flags_buf)),
 				state_str, buf1,
 				n->mac->es ? n->mac->es->esi_str :
 				inet_ntoa(n->r_vtep_ip),
@@ -1504,9 +1507,10 @@ static void zvni_print_mac(zebra_mac_t *mac, void *ctxt, json_object *json)
 	}
 }
 
-static char *zvni_print_mac_flags(zebra_mac_t *mac, char *flags_buf)
+static char *zvni_print_mac_flags(zebra_mac_t *mac, char *flags_buf,
+	uint32_t flags_buf_sz)
 {
-	sprintf(flags_buf, "%s%s%s%s",
+	snprintf(flags_buf, flags_buf_sz, "%s%s%s%s",
 			mac->sync_neigh_cnt ?
 			"N" : "",
 			(mac->flags & ZEBRA_MAC_ES_PEER_ACTIVE) ?
@@ -1551,7 +1555,8 @@ static void zvni_print_mac_hash(struct hash_bucket *bucket, void *ctxt)
 				&ifp, &vid);
 		if (json_mac_hdr == NULL) {
 			vty_out(vty, "%-17s %-6s %-5s %-30s", buf1, "local",
-					zvni_print_mac_flags(mac, flags_buf),
+					zvni_print_mac_flags(mac, flags_buf,
+						sizeof(flags_buf)),
 					ifp ? ifp->name : "-");
 		} else {
 			json_object_string_add(json_mac, "type", "local");
@@ -1606,7 +1611,8 @@ static void zvni_print_mac_hash(struct hash_bucket *bucket, void *ctxt)
 			}
 			vty_out(vty, "%-17s %-6s %-5s %-30s %-5s %u/%u\n", buf1,
 				"remote",
-				zvni_print_mac_flags(mac, flags_buf),
+				zvni_print_mac_flags(mac, flags_buf,
+					sizeof(flags_buf)),
 				mac->es ?  mac->es->esi_str :
 				inet_ntoa(mac->fwd_info.r_vtep_ip),
 				"", mac->loc_seq, mac->rem_seq);
@@ -9472,7 +9478,7 @@ void zebra_vxlan_remote_macip_add(ZAPI_HANDLER_ARGS)
 			if (memcmp(&esi, zero_esi, sizeof(esi_t)))
 				esi_to_str(&esi, esi_buf, sizeof(esi_buf));
 			else
-				strcpy(esi_buf, "-");
+				strlcpy(esi_buf, "-", ESI_STR_LEN);
 			zlog_debug(
 				"Recv %sMACIP ADD VNI %u MAC %s%s%s flags 0x%x seq %u VTEP %s ESI %s from %s",
 				(flags & ZEBRA_MACIP_TYPE_SYNC_PATH) ?