From c01f03164456b638b2bfa11521eedaa2feefd855 Mon Sep 17 00:00:00 2001
From: Mai Bui <maibui@microsoft.com>
Date: Mon, 13 May 2024 02:10:15 -0400
Subject: [PATCH] [iccpd]: Add boundary check before memset, memcpy, strncpy
 (#18270)

Add boundary check before memset, memcpy, strncpy calls to prevent buffer overflow

Microsoft ADO (number only): 27008041

Signed-off-by: Mai Bui <maibui@microsoft.com>
---
 src/iccpd/src/iccp_cli.c | 22 +++++++++++++++++++++-
 src/iccpd/src/iccp_cmd.c |  4 ++++
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/src/iccpd/src/iccp_cli.c b/src/iccpd/src/iccp_cli.c
index 59235215bffb..54b1e890762e 100644
--- a/src/iccpd/src/iccp_cli.c
+++ b/src/iccpd/src/iccp_cli.c
@@ -117,7 +117,12 @@ int set_peer_link(int mid, const char* ifname)
                        csm->mlag_id, ifname);
     }
 
-    memset(csm->peer_itf_name, 0, MAX_L_PORT_NAME);
+    memset(csm->peer_itf_name, 0, IFNAMSIZ);
+    if (len > IFNAMSIZ)
+    {
+        ICCPD_LOG_ERR(__FUNCTION__, "len=%d greater than IFNAMESIZ=%d", len, IFNAMSIZ);
+        return MCLAG_ERROR;
+    }
     memcpy(csm->peer_itf_name, ifname, len);
 
     /* update peer-link link handler*/
@@ -208,8 +213,18 @@ int set_local_address(int mid, const char* addr)
 
     len = strlen(addr);
     memset(csm->sender_ip, 0, INET_ADDRSTRLEN);
+    if (len > INET_ADDRSTRLEN)
+    {
+        ICCPD_LOG_ERR(__FUNCTION__, "len=%d greater than INET_ADDRSTRLEN=%d ", len, INET_ADDRSTRLEN);
+        return MCLAG_ERROR;
+    }
     memcpy(csm->sender_ip, addr, len);
     memset(csm->iccp_info.sender_name, 0, INET_ADDRSTRLEN);
+    if (len > INET_ADDRSTRLEN)
+    {
+        ICCPD_LOG_ERR(__FUNCTION__, "len=%d greater than INET_ADDRSTRLEN=%d ", len, INET_ADDRSTRLEN);
+        return MCLAG_ERROR;
+    }
     memcpy(csm->iccp_info.sender_name, addr, len);
 
     return 0;
@@ -268,6 +283,11 @@ int set_peer_address(int mid, const char* addr)
     }
 
     memset(csm->peer_ip, 0, INET_ADDRSTRLEN);
+    if (len > INET_ADDRSTRLEN)
+    {
+        ICCPD_LOG_ERR(__FUNCTION__, "len=%d greater than INET_ADDRSTRLEN=%d ", len, INET_ADDRSTRLEN);
+        return MCLAG_ERROR;
+    }
     memcpy(csm->peer_ip, addr, len);
 
     return 0;
diff --git a/src/iccpd/src/iccp_cmd.c b/src/iccpd/src/iccp_cmd.c
index 8b39b73d0f6b..134b293c0909 100644
--- a/src/iccpd/src/iccp_cmd.c
+++ b/src/iccpd/src/iccp_cmd.c
@@ -135,6 +135,10 @@ int iccp_config_from_command(char * line)
                 cp++;
 
             slen = cp - start;
+            if (slen > strlen(token))
+            {
+                return MCLAG_ERROR;
+            }
             strncpy(token, start, slen);
             *(token + slen) = '\0';
             iccp_cli_attach_mclag_domain_to_port_channel(mid, token);