ospfd: Stop attempt to read beyond end of argv

When unconfiguring certain commands in ospf, you can run into situations where we attempt to read beyond the end of a argv[] vector created. On certain platforms this will crash it. Ticket: CM-14090 Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
author: Donald Sharp <sharpd@cumulusnetworks.com> 2017-01-05 18:52:18 +0100
committer: Donald Sharp <sharpd@cumulusnetworks.com> 2017-01-06 01:39:56 +0100
commit: 36da066554254ffe8d6224f2b3938ba2c0c3a2e0 (patch)
tree: 03de3de426c097acd125038334c08ff05d125f5c /ospfd
parent: lib: Stop potential uninitialized memory access (diff)
download: frr-36da066554254ffe8d6224f2b3938ba2c0c3a2e0.tar.xz
frr-36da066554254ffe8d6224f2b3938ba2c0c3a2e0.zip
1 files changed, 8 insertions, 3 deletions
diff --git a/ospfd/ospf_vty.c b/ospfd/ospf_vty.c
index 1b7c43147..2c3aaa680 100644
--- a/ospfd/ospf_vty.c
+++ b/ospfd/ospf_vty.c
@@ -1290,10 +1290,15 @@ DEFUN (no_ospf_area_vlink,
 	  /* message-digest-key */
 	  /* Delete one key */
 	  i++;
-	  vl_config.crypto_key_id = strtol (argv[i], NULL, 10);
-	  if (vl_config.crypto_key_id < 0)
+	  if (i < argc)
+	    {
+	      vl_config.crypto_key_id = strtol (argv[i], NULL, 10);
+	      if (vl_config.crypto_key_id < 0)
+		return CMD_WARNING;
+	      vl_config.md5_key = NULL;
+	    }
+	  else
 	    return CMD_WARNING;
-	  vl_config.md5_key = NULL; 
 	  break;
 
 	case 'h':
author	Donald Sharp <sharpd@cumulusnetworks.com>	2017-01-05 18:52:18 +0100
committer	Donald Sharp <sharpd@cumulusnetworks.com>	2017-01-06 01:39:56 +0100
commit	36da066554254ffe8d6224f2b3938ba2c0c3a2e0 (patch)
tree	03de3de426c097acd125038334c08ff05d125f5c /ospfd
parent	lib: Stop potential uninitialized memory access (diff)
download	frr-36da066554254ffe8d6224f2b3938ba2c0c3a2e0.tar.xz frr-36da066554254ffe8d6224f2b3938ba2c0c3a2e0.zip