diff options
| author | Donald Sharp <sharpd@cumulusnetworks.com> | 2017-11-03 14:09:24 -0400 |
|---|---|---|
| committer | Donald Sharp <sharpd@cumulusnetworks.com> | 2017-11-06 10:34:51 -0500 |
| commit | edf344ebff93f9ae470ec2a373b5fa65c1442670 (patch) | |
| tree | e54364b7f4b77d13392ef1ea411df41580a3ee44 /doc/code/conf.py | |
| parent | 608646688be673edfa55d089ea11997d6a3e7794 (diff) | |
bgpd: Fix crash with ecommunity string
When we are displaying a extended community ECOMMUNITY_SITE_ORIGIN
the display sprintf is this:
len = sprintf(
str_buf + str_pnt,
"EVPN:%02x:%02x:%02x:%02x:%02x:%02x",
macaddr[0], macaddr[1], macaddr[2],
macaddr[3], macaddr[4], macaddr[5]);
The problem with this is that macaddr[0] is passed in as a integer
so the sprintf function thinks that the value to display is much
larger than it actually is. The ECOMMUNITY_STR_DEFAULT_LEN is 27
So the resulting string no-longer fits in memory and we write
off the end of the buffer and can crash. If we force the
passed in value to be a uint8_t then we get the expected output
since a single byte is displayed as 2 hex characters and the
resulting string fits in str_buf.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Diffstat (limited to 'doc/code/conf.py')
0 files changed, 0 insertions, 0 deletions