hsa: fix memory management bugs
Fix use-after-free and non-null terminated string.
Type: fix
Change-Id: Ibba2a6cae68c612a34477aa813b3bf27a0c8fc1f
Signed-off-by: Benoît Ganne <bganne@cisco.com>
diff --git a/src/plugins/hs_apps/echo_client.c b/src/plugins/hs_apps/echo_client.c
index dc1384c..076fca2 100644
--- a/src/plugins/hs_apps/echo_client.c
+++ b/src/plugins/hs_apps/echo_client.c
@@ -370,6 +370,7 @@
u8 thread_index = vlib_get_thread_index ();
session_endpoint_cfg_t sep = SESSION_ENDPOINT_CFG_NULL;
u32 stream_n;
+ session_handle_t handle;
DBG ("QUIC Connection handle %d", session_handle (s));
@@ -377,7 +378,7 @@
a->uri = (char *) ecm->connect_uri;
if (parse_uri (a->uri, &sep))
return -1;
- sep.parent_handle = session_handle (s);
+ sep.parent_handle = handle = session_handle (s);
for (stream_n = 0; stream_n < ecm->quic_streams; stream_n++)
{
@@ -394,8 +395,11 @@
}
DBG ("QUIC stream %d connected", stream_n);
}
- vec_add1 (ecm->quic_session_index_by_thread[thread_index],
- session_handle (s));
+ /*
+ * 's' is no longer valid, its underlying pool could have been moved in
+ * vnet_connect()
+ */
+ vec_add1 (ecm->quic_session_index_by_thread[thread_index], handle);
vec_free (a);
return 0;
}
diff --git a/src/plugins/hs_apps/sapi/vpp_echo.c b/src/plugins/hs_apps/sapi/vpp_echo.c
index 1899759..c72bf18 100644
--- a/src/plugins/hs_apps/sapi/vpp_echo.c
+++ b/src/plugins/hs_apps/sapi/vpp_echo.c
@@ -160,7 +160,7 @@
s = format (0, "%U:%U",
echo_format_timing_event, em->timing.start_event,
echo_format_timing_event, em->timing.end_event);
- fformat (stdout, "Timing %s\n", s);
+ fformat (stdout, "Timing %v\n", s);
fformat (stdout, "-------- TX --------\n");
fformat (stdout, "%lld bytes (%lld mbytes, %lld gbytes) in %.6f seconds\n",
em->stats.tx_total, em->stats.tx_total / (1ULL << 20),
@@ -220,8 +220,8 @@
s = pool_elt_at_index (em->sessions, *session_index);
echo_session_handle_add_del (em, s->vpp_session_handle,
SESSION_INVALID_INDEX);
- pool_put (em->sessions, s);
clib_memset (s, 0xfe, sizeof (*s));
+ pool_put (em->sessions, s);
}
}