From 716346cb67b705a164a2203ab38aefe4a84cd826 Mon Sep 17 00:00:00 2001
From: Justin Pettit
Date: Fri, 22 Jan 2010 15:12:34 -0800
Subject: [PATCH] Don't go beyond buffer length when printing descriptions

Prevent reading past the end of the buffer when a description is not null-terminated.

Reported-by: Ben Pfaff
---
 lib/ofp-print.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/lib/ofp-print.c b/lib/ofp-print.c
index 7b3b77c52..0b8dc522d 100644
--- a/lib/ofp-print.c
+++ b/lib/ofp-print.c
@@ -933,11 +933,16 @@ ofp_desc_stats_reply(struct ds *string, const void *body, size_t len UNUSED,
 {
 const struct ofp_desc_stats *ods = body;

- ds_put_format(string, "Manufacturer: %s\n", ods->mfr_desc);
- ds_put_format(string, "Hardware: %s\n", ods->hw_desc);
- ds_put_format(string, "Software: %s\n", ods->sw_desc);
- ds_put_format(string, "Serial Num: %s\n", ods->serial_num);
- ds_put_format(string, "DP Description: %s\n", ods->dp_desc);
+ ds_put_format(string, "Manufacturer: %.*s\n",
+ (int) sizeof ods->mfr_desc, ods->mfr_desc);
+ ds_put_format(string, "Hardware: %.*s\n",
+ (int) sizeof ods->hw_desc, ods->hw_desc);
+ ds_put_format(string, "Software: %.*s\n",
+ (int) sizeof ods->sw_desc, ods->sw_desc);
+ ds_put_format(string, "Serial Num: %.*s\n",
+ (int) sizeof ods->serial_num, ods->serial_num);
+ ds_put_format(string, "DP Description: %.*s\n",
+ (int) sizeof ods->dp_desc, ods->dp_desc);
 }

 static void
-- 
2.43.0
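Review bot: `len` is still marked `UNUSED` in the signature, so nothing in this function confirms that `body` holds a full `struct ofp_desc_stats` before the five fields are read; the new `%.*s` precision bounds each read to its own field, but a reply shorter than the struct would still be read past its end unless the caller already enforces the size (not visible here). If it does not, drop `UNUSED` and open the body with a guard such as `if (len < sizeof *ods) { ds_put_format(string, "(truncated description reply)\n"); return; }`. Separately, the description bytes come from the peer and are appended verbatim, so embedded newlines or control characters can forge lines in whatever log this string ends up in; escaping non-printable bytes before appending would close that. The parameter list of ofp_desc_stats_reply continues past the hunk header, so the remaining parameters are not visible.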