From aec9d23fb4bdfbfe5beb4b0fd5e2f51d12777d69 Mon Sep 17 00:00:00 2001
From: Renato Westphal <renato@opensourcerouting.org>
Date: Fri, 19 Oct 2018 15:54:47 -0300
Subject: [PATCH] bgpd: fix crashes caused by missing input validation

The rfapi code wasn't checking if strtoul() succeeded or not when parsing
the list of labels. Fix the affected commands by not allowing the user
to enter a non-numeric input.

Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
---
 bgpd/rfapi/bgp_rfapi_cfg.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/bgpd/rfapi/bgp_rfapi_cfg.c b/bgpd/rfapi/bgp_rfapi_cfg.c
index 3c472dda48..e4e6760612 100644
--- a/bgpd/rfapi/bgp_rfapi_cfg.c
+++ b/bgpd/rfapi/bgp_rfapi_cfg.c
@@ -3475,7 +3475,7 @@ DEFUN (vnc_l2_group_lni,
 
 DEFUN (vnc_l2_group_labels,
        vnc_l2_group_labels_cmd,
-       "labels LABELLIST...",
+       "labels (0-1048575)...",
        "Specify label values associated with group\n"
        "Space separated list of label values <0-1048575>\n")
 {
@@ -3509,7 +3509,7 @@ DEFUN (vnc_l2_group_labels,
 
 DEFUN (vnc_l2_group_no_labels,
        vnc_l2_group_no_labels_cmd,
-       "no labels LABELLIST...",
+       "no labels (0-1048575)...",
        NO_STR
        "Specify label values associated with L2 group\n"
        "Space separated list of label values <0-1048575>\n")
-- 
2.39.5