From 7dd4f30dc5723bb26d58a2ec8426cd1d68db02c8 Mon Sep 17 00:00:00 2001
From: Renato Westphal <renato@opensourcerouting.org>
Date: Fri, 19 Oct 2018 15:54:47 -0300
Subject: [PATCH] bgpd: fix crashes caused by missing input validation

The rfapi code wasn't checking if strtoul() succeeded or not when parsing
the list of labels. Fix the affected commands by not allowing the user
to enter a non-numeric input.

Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
---
 bgpd/rfapi/bgp_rfapi_cfg.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/bgpd/rfapi/bgp_rfapi_cfg.c b/bgpd/rfapi/bgp_rfapi_cfg.c
index b5879df70..7a3ba2d1a 100644
--- a/bgpd/rfapi/bgp_rfapi_cfg.c
+++ b/bgpd/rfapi/bgp_rfapi_cfg.c
@@ -3475,7 +3475,7 @@ DEFUN (vnc_l2_group_lni,
 
 DEFUN (vnc_l2_group_labels,
        vnc_l2_group_labels_cmd,
-       "labels LABELLIST...",
+       "labels (0-1048575)...",
        "Specify label values associated with group\n"
        "Space separated list of label values <0-1048575>\n")
 {
@@ -3509,7 +3509,7 @@ DEFUN (vnc_l2_group_labels,
 
 DEFUN (vnc_l2_group_no_labels,
        vnc_l2_group_no_labels_cmd,
-       "no labels LABELLIST...",
+       "no labels (0-1048575)...",
        NO_STR
        "Specify label values associated with L2 group\n"
        "Space separated list of label values <0-1048575>\n")
-- 
2.39.5