Coverity reports buffer overrun in vif utility

Bug #1775844 reported by Andrei Bunghez
Affects: Juniper Openstack (status tracked in Trunk)
  R5.0: Status: Fix Committed; Importance: High; Assigned to: Andrei Bunghez
  Trunk: Status: Fix Committed; Importance: High; Assigned to: Andrei Bunghez
Affects: OpenContrail
  Status: New; Importance: Undecided; Assigned to: Unassigned

Bug Description

Hi all,

Coverity reports a possible buffer overrun in the vif utility, in the vr_if_flags function. The flag_string buffer might be filled up while copying interface flag symbols since there is no checking on length (59760).

Cheers,
Andrei

Tags: vrouter
Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] R5.0

Review in progress for https://review.opencontrail.org/43654
Submitter: Andrei Bunghez (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] master

Review in progress for https://review.opencontrail.org/43655
Submitter: Andrei Bunghez (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/43655
Committed: http://github.com/Juniper/contrail-vrouter/commit/3f55231a6d3020f22af726bdc778a801333e7f3f
Submitter: Zuul v3 CI (<email address hidden>)
Branch: master

commit 3f55231a6d3020f22af726bdc778a801333e7f3f
Author: Andrei Bunghez <email address hidden>
Date: Fri Jun 8 13:23:50 2018 +0000

Buffer overrun in vif utility

Coverity reports a possible buffer overrun in the vif utility,
in vr_if_flags function. The flag_string buffer might be filled
up while copying interface flag symbols since there is no checking
on length. (59760)
Increasing flag_string to 64, which should cover the combination of
all possible flags at this moment, and checking total length of generated
string.

Change-Id: I9eb98a7109687f88a69862ac3b77a18576d462b1
Closes-Bug: #1775844

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote :

Reviewed: https://review.opencontrail.org/43654
Committed: http://github.com/Juniper/contrail-vrouter/commit/d53c7c1c6ca584198758b2195eb4946f8a251178
Submitter: Zuul v3 CI (<email address hidden>)
Branch: R5.0

commit d53c7c1c6ca584198758b2195eb4946f8a251178
Author: Andrei Bunghez <email address hidden>
Date: Fri Jun 8 13:23:50 2018 +0000

Buffer overrun in vif utility

Coverity reports a possible buffer overrun in the vif utility,
in vr_if_flags function. The flag_string buffer might be filled
up while copying interface flag symbols since there is no checking
on length. (59760)
Increasing flag_string to 64, which should cover the combination of
all possible flags at this moment, and checking total length of generated
string.

Change-Id: I9eb98a7109687f88a69862ac3b77a18576d462b1
Closes-Bug: #1775844
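
The pattern the report describes, next to a length-checked form, as an added example that is not code from contrail-vrouter or from the commits above. The flag table, symbols and function names are hypothetical and constructed for illustration only.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical flag table: bits and symbols are constructed for this
 * example and are not the vrouter definitions. */
struct flag_sym { unsigned int bit; const char *sym; };

static const struct flag_sym flag_table[] = {
    { 1u << 0, "P"  }, { 1u << 1, "X"  }, { 1u << 2, "S"   },
    { 1u << 3, "Mr" }, { 1u << 4, "Mt" }, { 1u << 5, "Tc"  },
    { 1u << 6, "L3" }, { 1u << 7, "L2" }, { 1u << 8, "Vof" },
};
#define NFLAGS (sizeof(flag_table) / sizeof(flag_table[0]))

/* Unchecked form: every set flag is appended with no regard for how much
 * room is left in out, so enough set flags write past the buffer. */
void flags_to_string_unchecked(unsigned int flags, char *out)
{
    out[0] = '\0';
    for (size_t i = 0; i < NFLAGS; i++)
        if (flags & flag_table[i].bit)
            strcat(out, flag_table[i].sym);
}

/* Checked form: tracks the length used and refuses to copy a symbol that
 * would not fit together with the terminating NUL.
 * Returns the string length, or -1 if the output had to be truncated. */
int flags_to_string(unsigned int flags, char *out, size_t outlen)
{
    size_t used = 0;

    if (out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';
    for (size_t i = 0; i < NFLAGS; i++) {
        if (!(flags & flag_table[i].bit))
            continue;
        size_t n = strlen(flag_table[i].sym);
        if (n >= outlen - used)   /* no room for symbol plus NUL */
            return -1;            /* out is still a valid, shorter string */
        memcpy(out + used, flag_table[i].sym, n + 1);
        used += n;
    }
    return (int)used;
}
```

Sizing the buffer for every flag combination and checking the running length are complementary: the size covers today's table, and the check keeps the function safe when a later flag is added without revisiting the size.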
