Don't go beyond buffer length when printing descriptions
authorJustin Pettit <jpettit@nicira.com>
Fri, 22 Jan 2010 23:12:34 +0000 (15:12 -0800)
committerJustin Pettit <jpettit@nicira.com>
Sat, 20 Feb 2010 10:22:29 +0000 (02:22 -0800)
Prevent reading past the end of the buffer when a description is not
null-terminated.

Reported-by: Ben Pfaff <blp@nicira.com>
lib/ofp-print.c

index 5d06b96f9df4cafe5751846ac7730a49c288b04b..b392d83ea507e6eca42221cbe8b3f26ac2fc7139 100644 (file)
@@ -933,11 +933,16 @@ ofp_desc_stats_reply(struct ds *string, const void *body,
 {
     const struct ofp_desc_stats *ods = body;
 
-    ds_put_format(string, "Manufacturer: %s\n", ods->mfr_desc);
-    ds_put_format(string, "Hardware: %s\n", ods->hw_desc);
-    ds_put_format(string, "Software: %s\n", ods->sw_desc);
-    ds_put_format(string, "Serial Num: %s\n", ods->serial_num);
-    ds_put_format(string, "DP Description: %s\n", ods->dp_desc);
+    ds_put_format(string, "Manufacturer: %.*s\n", 
+            (int) sizeof ods->mfr_desc, ods->mfr_desc);
+    ds_put_format(string, "Hardware: %.*s\n",
+            (int) sizeof ods->hw_desc, ods->hw_desc);
+    ds_put_format(string, "Software: %.*s\n",
+            (int) sizeof ods->sw_desc, ods->sw_desc);
+    ds_put_format(string, "Serial Num: %.*s\n",
+            (int) sizeof ods->serial_num, ods->serial_num);
+    ds_put_format(string, "DP Description: %.*s\n",
+            (int) sizeof ods->dp_desc, ods->dp_desc);
 }
 
 static void
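Review bot: Nothing in the function body, which is visible from its opening to its closing brace in this hunk, checks that `body` holds at least `sizeof *ods` bytes before the five fields are read, so the `%.*s` precision bounds each read to its field but not to the message that was actually received. The parameter list is cut off in the hunk header; if it carries the body length and no caller already enforces a minimum size, a guard such as `if (len < sizeof *ods) return;` (with `len` standing for whatever that parameter is called) belongs before the first `ds_put_format`. The bytes are also appended as received, so a description containing newlines or terminal control characters can forge extra lines in the printed output; replacing non-printable bytes before formatting would close that. A short comment above the calls, for example `/* Descriptions are fixed-size fields and may lack a NUL terminator. */`, would keep a later cleanup from reverting to plain `%s`.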