diff options
| author | Lakshman Krishnamoorthy <lkrishnamoor@vmware.com> | 2019-05-30 23:56:55 +0200 |
|---|---|---|
| committer | Lakshman Krishnamoorthy <lkrishnamoor@vmware.com> | 2019-05-31 19:52:33 +0200 |
| commit | 63e653a21f59a17810d597ec35b20fb13bae6692 (patch) | |
| tree | a9927f2c17804c1eb815ceef886c4f9ba866252b /vtysh/vtysh_config.c | |
| parent | Merge pull request #4413 from donaldsharp/bgp_distance_comes_closer (diff) | |
| download | frr-63e653a21f59a17810d597ec35b20fb13bae6692.tar.xz frr-63e653a21f59a17810d597ec35b20fb13bae6692.zip | |
lib: crash when FRR hostname length > 80 chars
Although the RFC states hostname length should be < 255 chars,
FRR allows infinite length technically. However, when you try
to set a hostname > 80 chars, you would immediately notice a crash.
RCA: Crash due to buffer overflow. Large buffer sprintf'd into smaller
buffer. Usage of sprintf function instead of snprintf which is safer.
Signed-off-by: Lakshman Krishnamoorthy <lkrishnamoor@vmware.com>
Diffstat (limited to 'vtysh/vtysh_config.c')
| -rw-r--r-- | vtysh/vtysh_config.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/vtysh/vtysh_config.c b/vtysh/vtysh_config.c index cf94ab643..9c2de0f62 100644 --- a/vtysh/vtysh_config.c +++ b/vtysh/vtysh_config.c @@ -521,10 +521,10 @@ int vtysh_read_config(const char *config_default_dir) */ void vtysh_config_write(void) { - char line[81]; + char line[512]; if (cmd_hostname_get()) { - sprintf(line, "hostname %s", cmd_hostname_get()); + snprintf(line, sizeof(line), "hostname %s", cmd_hostname_get()); vtysh_config_parse_line(NULL, line); } |