[ovs-dev] [PATCH] Don't go beyond buffer length when printing descriptions
Justin Pettit
jpettit at nicira.com
Fri Jan 22 23:16:08 UTC 2010
Prevent reading past the end of the buffer when a description is not
null-terminated.
Reported-by: Ben Pfaff <blp at nicira.com>
---
lib/ofp-print.c | 15 ++++++++++-----
1 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/lib/ofp-print.c b/lib/ofp-print.c
index 3c2dfff..f8c40e8 100644
--- a/lib/ofp-print.c
+++ b/lib/ofp-print.c
@@ -933,11 +933,16 @@ ofp_desc_stats_reply(struct ds *string, const void *body, size_t len UNUSED,
{
const struct ofp_desc_stats *ods = body;
- ds_put_format(string, "Manufacturer: %s\n", ods->mfr_desc);
- ds_put_format(string, "Hardware: %s\n", ods->hw_desc);
- ds_put_format(string, "Software: %s\n", ods->sw_desc);
- ds_put_format(string, "Serial Num: %s\n", ods->serial_num);
- ds_put_format(string, "DP Description: %s\n", ods->dp_desc);
+ ds_put_format(string, "Manufacturer: %.*s\n",
+ (int) sizeof ods->mfr_desc, ods->mfr_desc);
+ ds_put_format(string, "Hardware: %.*s\n",
+ (int) sizeof ods->hw_desc, ods->hw_desc);
+ ds_put_format(string, "Software: %.*s\n",
+ (int) sizeof ods->sw_desc, ods->sw_desc);
+ ds_put_format(string, "Serial Num: %.*s\n",
+ (int) sizeof ods->serial_num, ods->serial_num);
+ ds_put_format(string, "DP Description: %.*s\n",
+ (int) sizeof ods->dp_desc, ods->dp_desc);
}
static void
--
1.6.5.5
More information about the dev
mailing list