matthieu/frr
1
0
Fork 0
forked from Mirror/frr
Code Pull requests Activity

pimd: fix misuse of xpath buf size constants

Browse source 
XPATH_MAXLEN denotes the maximum length of an XPATH. It does not make
sense to allocate a buffer intended to contain an XPATH with a size
larger than the maximum allowable size of an XPATH. Consequently this PR
removes buffers that do this. Prints into these buffers are now checked
for overflow.

Signed-off-by: Quentin Young <qlyoung@nvidia.com>
This commit is contained in:
Quentin Young 2022-01-20 17:24:30 -05:00
parent c63f4b0ffd
commit d7073b211a
1 changed files with 67 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

89
pimd/pim_cmd.c
View file

@ -7380,9 +7380,10 @@ DEFUN (no_ip_pim_rp,
int idx_rp = 4, idx_group = 5; int idx_rp = 4, idx_group = 5;
const char *group_str = const char *group_str =
(argc == 6) ? argv[idx_group]->arg : "224.0.0.0/4"; (argc == 6) ? argv[idx_group]->arg : "224.0.0.0/4";
char group_list_xpath[XPATH_MAXLEN + 32]; char group_list_xpath[XPATH_MAXLEN];
char group_xpath[XPATH_MAXLEN + 64]; char group_xpath[XPATH_MAXLEN];
char rp_xpath[XPATH_MAXLEN]; char rp_xpath[XPATH_MAXLEN];
int printed;
const char *vrfname; const char *vrfname;
const struct lyd_node *group_dnode; const struct lyd_node *group_dnode;
@ -7394,11 +7395,24 @@ DEFUN (no_ip_pim_rp,
"frr-pim:pimd", "pim", vrfname, "frr-routing:ipv4", "frr-pim:pimd", "pim", vrfname, "frr-routing:ipv4",
argv[idx_rp]->arg); argv[idx_rp]->arg);
snprintf(group_list_xpath, sizeof(group_list_xpath), "%s/group-list",
rp_xpath);
snprintf(group_xpath, sizeof(group_xpath), "%s[.='%s']", printed = snprintf(group_list_xpath, sizeof(group_list_xpath),
group_list_xpath, group_str); "%s/group-list", rp_xpath);
if (printed >= (int)(sizeof(group_list_xpath))) {
vty_out(vty, "Xpath too long (%d > %u)", printed + 1,
XPATH_MAXLEN);
return CMD_WARNING_CONFIG_FAILED;
}
printed = snprintf(group_xpath, sizeof(group_xpath), "%s[.='%s']",
group_list_xpath, group_str);
if (printed >= (int)(sizeof(group_xpath))) {
vty_out(vty, "Xpath too long (%d > %u)", printed + 1,
XPATH_MAXLEN);
return CMD_WARNING_CONFIG_FAILED;
}
if (!yang_dnode_exists(vty->candidate_config->dnode, group_xpath)) { if (!yang_dnode_exists(vty->candidate_config->dnode, group_xpath)) {
vty_out(vty, "%% Unable to find specified RP\n"); vty_out(vty, "%% Unable to find specified RP\n");
@ -7859,11 +7873,18 @@ DEFUN (interface_no_ip_igmp,
IFACE_IGMP_STR) IFACE_IGMP_STR)
{ {
const struct lyd_node *pim_enable_dnode; const struct lyd_node *pim_enable_dnode;
char pim_if_xpath[XPATH_MAXLEN + 20]; char pim_if_xpath[XPATH_MAXLEN];
snprintf(pim_if_xpath, sizeof(pim_if_xpath), int printed =
"%s/frr-pim:pim/address-family[address-family='%s']", snprintf(pim_if_xpath, sizeof(pim_if_xpath),
VTY_CURR_XPATH, "frr-routing:ipv4"); "%s/frr-pim:pim/address-family[address-family='%s']",
VTY_CURR_XPATH, "frr-routing:ipv4");
if (printed >= (int)(sizeof(pim_if_xpath))) {
vty_out(vty, "Xpath too long (%d > %u)", printed + 1,
XPATH_MAXLEN);
return CMD_WARNING_CONFIG_FAILED;
}
pim_enable_dnode = yang_dnode_getf(vty->candidate_config->dnode, pim_enable_dnode = yang_dnode_getf(vty->candidate_config->dnode,
FRR_PIM_ENABLE_XPATH, VTY_CURR_XPATH, FRR_PIM_ENABLE_XPATH, VTY_CURR_XPATH,
@ -8406,11 +8427,19 @@ DEFUN_HIDDEN (interface_no_ip_pim_ssm,
IFACE_PIM_STR) IFACE_PIM_STR)
{ {
const struct lyd_node *igmp_enable_dnode; const struct lyd_node *igmp_enable_dnode;
char igmp_if_xpath[XPATH_MAXLEN + 20]; char igmp_if_xpath[XPATH_MAXLEN];
int printed =
snprintf(igmp_if_xpath, sizeof(igmp_if_xpath),
"%s/frr-gmp:gmp/address-family[address-family='%s']",
VTY_CURR_XPATH, "frr-routing:ipv4");
if (printed >= (int)(sizeof(igmp_if_xpath))) {
vty_out(vty, "Xpath too long (%d > %u)", printed + 1,
XPATH_MAXLEN);
return CMD_WARNING_CONFIG_FAILED;
}
snprintf(igmp_if_xpath, sizeof(igmp_if_xpath),
"%s/frr-gmp:gmp/address-family[address-family='%s']",
VTY_CURR_XPATH, "frr-routing:ipv4");
igmp_enable_dnode = yang_dnode_getf(vty->candidate_config->dnode, igmp_enable_dnode = yang_dnode_getf(vty->candidate_config->dnode,
FRR_GMP_ENABLE_XPATH, FRR_GMP_ENABLE_XPATH,
VTY_CURR_XPATH, VTY_CURR_XPATH,
@ -8441,11 +8470,19 @@ DEFUN_HIDDEN (interface_no_ip_pim_sm,
IFACE_PIM_SM_STR) IFACE_PIM_SM_STR)
{ {
const struct lyd_node *igmp_enable_dnode; const struct lyd_node *igmp_enable_dnode;
char igmp_if_xpath[XPATH_MAXLEN + 20]; char igmp_if_xpath[XPATH_MAXLEN];
int printed =
snprintf(igmp_if_xpath, sizeof(igmp_if_xpath),
"%s/frr-gmp:gmp/address-family[address-family='%s']",
VTY_CURR_XPATH, "frr-routing:ipv4");
if (printed >= (int)(sizeof(igmp_if_xpath))) {
vty_out(vty, "Xpath too long (%d > %u)", printed + 1,
XPATH_MAXLEN);
return CMD_WARNING_CONFIG_FAILED;
}
snprintf(igmp_if_xpath, sizeof(igmp_if_xpath),
"%s/frr-gmp:gmp/address-family[address-family='%s']",
VTY_CURR_XPATH, "frr-routing:ipv4");
igmp_enable_dnode = igmp_enable_dnode =
yang_dnode_getf(vty->candidate_config->dnode, yang_dnode_getf(vty->candidate_config->dnode,
FRR_GMP_ENABLE_XPATH, VTY_CURR_XPATH, FRR_GMP_ENABLE_XPATH, VTY_CURR_XPATH,
@ -8477,11 +8514,19 @@ DEFUN (interface_no_ip_pim,
PIM_STR) PIM_STR)
{ {
const struct lyd_node *igmp_enable_dnode; const struct lyd_node *igmp_enable_dnode;
char igmp_if_xpath[XPATH_MAXLEN + 20]; char igmp_if_xpath[XPATH_MAXLEN];
int printed =
snprintf(igmp_if_xpath, sizeof(igmp_if_xpath),
"%s/frr-gmp:gmp/address-family[address-family='%s']",
VTY_CURR_XPATH, "frr-routing:ipv4");
if (printed >= (int)(sizeof(igmp_if_xpath))) {
vty_out(vty, "Xpath too long (%d > %u)", printed + 1,
XPATH_MAXLEN);
return CMD_WARNING_CONFIG_FAILED;
}
snprintf(igmp_if_xpath, sizeof(igmp_if_xpath),
"%s/frr-gmp:gmp/address-family[address-family='%s']",
VTY_CURR_XPATH, "frr-routing:ipv4");
igmp_enable_dnode = igmp_enable_dnode =
yang_dnode_getf(vty->candidate_config->dnode, yang_dnode_getf(vty->candidate_config->dnode,
FRR_GMP_ENABLE_XPATH, VTY_CURR_XPATH, FRR_GMP_ENABLE_XPATH, VTY_CURR_XPATH,