From: Justin Pettit <jpettit@nicira.com>
Date: Fri, 22 Jan 2010 23:12:34 +0000 (-0800)
Subject: Don't go beyond buffer length when printing descriptions
X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=716346cb67b705a164a2203ab38aefe4a84cd826;p=sliver-openvswitch.git

Don't go beyond buffer length when printing descriptions

Prevent reading past the end of the buffer when a description is not
null-terminated.

Reported-by: Ben Pfaff <blp@nicira.com>
---

diff --git a/lib/ofp-print.c b/lib/ofp-print.c
index 7b3b77c52..0b8dc522d 100644
--- a/lib/ofp-print.c
+++ b/lib/ofp-print.c
@@ -933,11 +933,16 @@ ofp_desc_stats_reply(struct ds *string, const void *body, size_t len UNUSED,
 {
     const struct ofp_desc_stats *ods = body;
 
-    ds_put_format(string, "Manufacturer: %s\n", ods->mfr_desc);
-    ds_put_format(string, "Hardware: %s\n", ods->hw_desc);
-    ds_put_format(string, "Software: %s\n", ods->sw_desc);
-    ds_put_format(string, "Serial Num: %s\n", ods->serial_num);
-    ds_put_format(string, "DP Description: %s\n", ods->dp_desc);
+    ds_put_format(string, "Manufacturer: %.*s\n", 
+            (int) sizeof ods->mfr_desc, ods->mfr_desc);
+    ds_put_format(string, "Hardware: %.*s\n",
+            (int) sizeof ods->hw_desc, ods->hw_desc);
+    ds_put_format(string, "Software: %.*s\n",
+            (int) sizeof ods->sw_desc, ods->sw_desc);
+    ds_put_format(string, "Serial Num: %.*s\n",
+            (int) sizeof ods->serial_num, ods->serial_num);
+    ds_put_format(string, "DP Description: %.*s\n",
+            (int) sizeof ods->dp_desc, ods->dp_desc);
 }
 
 static void