mir/openvswitch
2
0
Fork 0
mirror of https://github.com/openvswitch/ovs synced 2025-10-15 14:17:18 +00:00
Code Issues Releases Wiki Activity

odp-utils: Fix memory corruption while flow parsing.

Browse Source 
Currently, when flow attribute type is greater than OVS_KEY_ATTR_MAX,
we can write into a random memory address causing corruption. Fix it.

Bug #15702.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
This commit is contained in:
Gurucharan Shetty
2013-03-22 16:25:36 -07:00
parent bf1e8ff983
commit 2aef121425
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
lib/odp-util.c
View File

@@ -1714,6 +1714,7 @@ parse_flow_nlattrs(const struct nlattr *key, size_t key_len,
uint64_t present_attrs; uint64_t present_attrs;
size_t left; size_t left;
BUILD_ASSERT(OVS_KEY_ATTR_MAX < CHAR_BIT * sizeof present_attrs);
present_attrs = 0; present_attrs = 0;
*out_of_range_attrp = 0; *out_of_range_attrp = 0;
NL_ATTR_FOR_EACH (nla, left, key, key_len) { NL_ATTR_FOR_EACH (nla, left, key, key_len) {
@@ -1728,7 +1729,7 @@ parse_flow_nlattrs(const struct nlattr *key, size_t key_len,
return false; return false;
} }
if (type >= CHAR_BIT * sizeof present_attrs) { if (type > OVS_KEY_ATTR_MAX) {
*out_of_range_attrp = type; *out_of_range_attrp = type;
} else { } else {
if (present_attrs & (UINT64_C(1) << type)) { if (present_attrs & (UINT64_C(1) << type)) {