mgmt,rib: check command length before accessing verb
refs: #2151
Change-Id: I0e67fd4b4df10d842648797ed42771af7c53a938
diff --git a/daemon/mgmt/face-manager.cpp b/daemon/mgmt/face-manager.cpp
index c88329c..03e2f42 100644
--- a/daemon/mgmt/face-manager.cpp
+++ b/daemon/mgmt/face-manager.cpp
@@ -844,10 +844,18 @@
{
const Name& command = request.getName();
const size_t commandNComps = command.size();
- const Name::Component& verb = command.get(COMMAND_PREFIX.size());
- UnsignedVerbDispatchTable::const_iterator unsignedVerbProcessor =
- m_unsignedVerbDispatch.find(verb);
+ if (commandNComps <= COMMAND_PREFIX.size())
+ {
+ // command is too short to have a verb
+ NFD_LOG_DEBUG("command result: malformed");
+ sendResponse(command, 400, "Malformed command");
+ return;
+ }
+
+ const Name::Component& verb = command.at(COMMAND_PREFIX.size());
+
+ const auto unsignedVerbProcessor = m_unsignedVerbDispatch.find(verb);
if (unsignedVerbProcessor != m_unsignedVerbDispatch.end())
{
NFD_LOG_DEBUG("command result: processing verb: " << verb);
diff --git a/daemon/mgmt/fib-manager.cpp b/daemon/mgmt/fib-manager.cpp
index 5c91547..3db26e7 100644
--- a/daemon/mgmt/fib-manager.cpp
+++ b/daemon/mgmt/fib-manager.cpp
@@ -104,9 +104,18 @@
{
const Name& command = request.getName();
const size_t commandNComps = command.size();
- const Name::Component& verb = command.get(COMMAND_PREFIX.size());
- UnsignedVerbDispatchTable::const_iterator unsignedVerbProcessor = m_unsignedVerbDispatch.find(verb);
+ if (commandNComps <= COMMAND_PREFIX.size())
+ {
+ // command is too short to have a verb
+ NFD_LOG_DEBUG("command result: malformed");
+ sendResponse(command, 400, "Malformed command");
+ return;
+ }
+
+ const Name::Component& verb = command.at(COMMAND_PREFIX.size());
+
+ const auto unsignedVerbProcessor = m_unsignedVerbDispatch.find(verb);
if (unsignedVerbProcessor != m_unsignedVerbDispatch.end())
{
NFD_LOG_DEBUG("command result: processing verb: " << verb);
diff --git a/daemon/mgmt/strategy-choice-manager.cpp b/daemon/mgmt/strategy-choice-manager.cpp
index e93353b..4f2728c 100644
--- a/daemon/mgmt/strategy-choice-manager.cpp
+++ b/daemon/mgmt/strategy-choice-manager.cpp
@@ -72,6 +72,13 @@
listStrategies(request);
return;
}
+ else if (commandNComps <= COMMAND_PREFIX.size())
+ {
+ // command is too short to have a verb
+ NFD_LOG_DEBUG("command result: malformed");
+ sendResponse(command, 400, "Malformed command");
+ return;
+ }
if (COMMAND_UNSIGNED_NCOMPS <= commandNComps &&
commandNComps < COMMAND_SIGNED_NCOMPS)
@@ -116,7 +123,7 @@
return;
}
- const Name::Component& verb = command[COMMAND_PREFIX.size()];
+ const Name::Component& verb = command.at(COMMAND_PREFIX.size());
ControlResponse response;
if (verb == VERB_SET)
{