From: Justin Pettit <jpettit@nicira.com>
Date: Fri, 22 Jan 2010 23:12:34 +0000 (-0800)
Subject: Don't go beyond buffer length when printing descriptions
X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dd70b47582e7619367840c5befe9dcfe235e6839;p=openvswitch

Don't go beyond buffer length when printing descriptions

Prevent reading past the end of the buffer when a description is not
null-terminated.

Reported-by: Ben Pfaff <blp@nicira.com>
---

diff --git a/lib/ofp-print.c b/lib/ofp-print.c
index 5d06b96f..b392d83e 100644
--- a/lib/ofp-print.c
+++ b/lib/ofp-print.c
@@ -933,11 +933,16 @@ ofp_desc_stats_reply(struct ds *string, const void *body,
 {
     const struct ofp_desc_stats *ods = body;
 
-    ds_put_format(string, "Manufacturer: %s\n", ods->mfr_desc);
-    ds_put_format(string, "Hardware: %s\n", ods->hw_desc);
-    ds_put_format(string, "Software: %s\n", ods->sw_desc);
-    ds_put_format(string, "Serial Num: %s\n", ods->serial_num);
-    ds_put_format(string, "DP Description: %s\n", ods->dp_desc);
+    ds_put_format(string, "Manufacturer: %.*s\n", 
+            (int) sizeof ods->mfr_desc, ods->mfr_desc);
+    ds_put_format(string, "Hardware: %.*s\n",
+            (int) sizeof ods->hw_desc, ods->hw_desc);
+    ds_put_format(string, "Software: %.*s\n",
+            (int) sizeof ods->sw_desc, ods->sw_desc);
+    ds_put_format(string, "Serial Num: %.*s\n",
+            (int) sizeof ods->serial_num, ods->serial_num);
+    ds_put_format(string, "DP Description: %.*s\n",
+            (int) sizeof ods->dp_desc, ods->dp_desc);
 }
 
 static void