[ovs-dev] [PATCH] Don't go beyond buffer length when printing descriptions

Fri Jan 22 23:16:08 UTC 2010

Prevent reading past the end of the buffer when a description is not
null-terminated.

Reported-by: Ben Pfaff <blp at nicira.com>
---
 lib/ofp-print.c |   15 ++++++++++-----
 1 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/lib/ofp-print.c b/lib/ofp-print.c
index 3c2dfff..f8c40e8 100644
--- a/lib/ofp-print.c
+++ b/lib/ofp-print.c
@@ -933,11 +933,16 @@ ofp_desc_stats_reply(struct ds *string, const void *body, size_t len UNUSED,
 {
     const struct ofp_desc_stats *ods = body;
 
-    ds_put_format(string, "Manufacturer: %s\n", ods->mfr_desc);
-    ds_put_format(string, "Hardware: %s\n", ods->hw_desc);
-    ds_put_format(string, "Software: %s\n", ods->sw_desc);
-    ds_put_format(string, "Serial Num: %s\n", ods->serial_num);
-    ds_put_format(string, "DP Description: %s\n", ods->dp_desc);
+    ds_put_format(string, "Manufacturer: %.*s\n", 
+            (int) sizeof ods->mfr_desc, ods->mfr_desc);
+    ds_put_format(string, "Hardware: %.*s\n",
+            (int) sizeof ods->hw_desc, ods->hw_desc);
+    ds_put_format(string, "Software: %.*s\n",
+            (int) sizeof ods->sw_desc, ods->sw_desc);
+    ds_put_format(string, "Serial Num: %.*s\n",
+            (int) sizeof ods->serial_num, ods->serial_num);
+    ds_put_format(string, "DP Description: %.*s\n",
+            (int) sizeof ods->dp_desc, ods->dp_desc);
 }
 
 static void
-- 
1.6.5.5



