lib: Link State memory corruption

In function ls_find_subnet(), prefix argument is directly copied into
subnet.key structure to find corresponding subnet in RB Tree. This could leadr
to a memory corruption. Function prefix_copy() must be used instead.

This patch replaces the direct prefix copy by a call to prefix_copy() function
to avoid this memory issue.

Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>

diff --git a/lib/link_state.c b/lib/link_state.c
index 0aba021b1af7f7597f051db7016b6226441fecb0..c06a42b64e66dffda182cba6331954aabd150e5e 100644 (file)
--- a/lib/link_state.c
+++ b/lib/link_state.c
@@ -947,7 +947,10 @@ struct ls_subnet *ls_find_subnet(struct ls_ted *ted,
 {
        struct ls_subnet subnet = {};
 
-       subnet.key = *prefix;
+       if (!prefix)
+               return NULL;
+
+       prefix_copy(&subnet.key, prefix);
        return subnets_find(&ted->subnets, &subnet);
 }