Hi Guys,
Way over in src/vnet/dhcp/dhcp_api.c, we find the function
void
dhcp_compl_event_callback (u32 client_index, u32 pid, u8 * hostname,
u8 is_ipv6, u8 * host_address, u8 *
router_address,
u8 * host_mac)
which contains a curious use of the newline character:
mp = vl_msg_api_alloc (sizeof (*mp));
mp->client_index = client_index;
mp->pid = pid;
mp->is_ipv6 = is_ipv6;
clib_memcpy (&mp->hostname, hostname, vec_len (hostname));
mp->hostname[vec_len (hostname) + 1] = '\n';
clib_memcpy (&mp->host_address[0], host_address, 16);
clib_memcpy (&mp->router_address[0], router_address, 16);
So, is that '\n' supposed to be 0 instead?
Or is that value used in some odd location that requires an
actual newline here?
What happens if the user supplies a hostname of exactly 63
octets and this newline is added? There is at least one
use of strncpy() on this hostname value, so it seems fragile
to me at the fencepost.
Pedantically yours,
jdl
_______________________________________________
vpp-dev mailing list
vpp-dev@lists.fd.io
https://lists.fd.io/mailman/listinfo/vpp-dev
