lib: crash when FRR hostname length > 80 chars

Although the RFC states hostname length should be < 255 chars, FRR allows infinite length technically. However, when you try to set a hostname > 80 chars, you would immediately notice a crash. RCA: Crash due to buffer overflow. Large buffer sprintf'd into smaller buffer. Usage of sprintf function instead of snprintf which is safer. Signed-off-by: Lakshman Krishnamoorthy <lkrishnamoor@vmware.com>
author: Lakshman Krishnamoorthy <lkrishnamoor@vmware.com> 2019-05-30 14:56:55 -0700
committer: Lakshman Krishnamoorthy <lkrishnamoor@vmware.com> 2019-05-31 10:52:33 -0700
commit: 63e653a21f59a17810d597ec35b20fb13bae6692 (patch)
tree: a9927f2c17804c1eb815ceef886c4f9ba866252b /lib/command.c
parent: 979dd989c46c318ad489d3be9219383ba19980ae (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/lib/command.c b/lib/command.c
index 29f41a712c..1d79dbddd2 100644
--- a/lib/command.c
+++ b/lib/command.c
@@ -1962,7 +1962,15 @@ DEFUN (config_hostname,
 	struct cmd_token *word = argv[1];
 
 	if (!isalnum((int)word->arg[0])) {
-		vty_out(vty, "Please specify string starting with alphabet\n");
+		vty_out(vty,
+		    "Please specify string starting with alphabet or number\n");
+		return CMD_WARNING_CONFIG_FAILED;
+	}
+
+	/* With reference to RFC 1123 Section 2.1 */
+	if (strlen(word->arg) > HOSTNAME_LEN) {
+		vty_out(vty, "Hostname length should be less than %d chars\n",
+			HOSTNAME_LEN);
 		return CMD_WARNING_CONFIG_FAILED;
 	}
author	Lakshman Krishnamoorthy <lkrishnamoor@vmware.com>	2019-05-30 14:56:55 -0700
committer	Lakshman Krishnamoorthy <lkrishnamoor@vmware.com>	2019-05-31 10:52:33 -0700
commit	63e653a21f59a17810d597ec35b20fb13bae6692 (patch)
tree	a9927f2c17804c1eb815ceef886c4f9ba866252b /lib/command.c
parent	979dd989c46c318ad489d3be9219383ba19980ae (diff)