XmppMessageBuikder::GetData() Fix potential data corruption
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Juniper Openstack | Status tracked in Trunk | |||||
Trunk |
Fix Committed
|
High
|
Ananth Suryanarayana |
Bug Description
In XmppMessageBuil
In XmppMessageBuil
a temporary variable was returned to the caller in some case. This can cause
memory corruption because the the temporary string will get destroyed right
after it goes out of scope, in this case when we return to the caller from
GetData().
diff --git a/src/bgp/
index 4258edc..9402dae 100644
--- a/src/bgp/
+++ b/src/bgp/
@@ -516,7 +516,7 @@ bool BgpXmppMessage:
}
const uint8_t *BgpXmppMessage
- const string **msg_str) {
+ const string **msg_str, string *temp) {
// Build begin line that contains message opening tag with from and to
// attributes.
msg_
@@ -551,10 +551,10 @@ const uint8_t *BgpXmppMessage
*msg_str = &repr_;
return reinterpret_
} else {
- string temp = msg_begin_ + string(repr_, kMaxFromToLength);
- *lenp = temp.size();
+ *temp = msg_begin_ + string(repr_, kMaxFromToLength);
+ *lenp = temp->size();
*msg_str = NULL;
- return reinterpret_
+ return reinterpret_
}
}
Changed in juniperopenstack: | |
status: | New → In Progress |
Review in progress for https:/ /review. opencontrail. org/41171
Submitter: Ananth Suryanarayana (<email address hidden>)