mir/openvswitch
2
0
Fork 0
mirror of https://github.com/openvswitch/ovs synced 2025-10-05 13:26:41 +00:00
Code Issues Releases Wiki Activity

dpif: Use separate OVS_PACKET_ATTR_PROBE for packet messges

Browse Source 
User space is currently sending a OVS_FLOW_ATTR_PROBE for both flow
and packet messages. This leads to an out-of-bounds access in
ovs_packet_cmd_execute() because OVS_FLOW_ATTR_PROBE >
OVS_PACKET_ATTR_MAX.

Introduce a new OVS_PACKET_ATTR_PROBE with the same numeric value
as OVS_FLOW_ATTR_PROBE to grow the range of accepted packet attributes
while maintaining binary compatibility with existing OVS binaries.

Fixes: 9233ce ("datapath: Add support for OVS_FLOW_ATTR_PROBE.")
Reported-by: Sander Eikelenboom <linux@eikelenboom.it>
Signed-off-by: Thomas Graf <tgraf@noironetworks.com>
Acked-by: Jesse Gross <jesse@nicira.com>
This commit is contained in:
Thomas Graf
2015-01-15 00:17:31 +01:00
parent afc3987b51
commit 2e460098bf
4 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/dpif-netlink.c
View File

@@ -1530,7 +1530,7 @@ dpif_netlink_encode_execute(int dp_ifindex, const struct dpif_execute *d_exec,
nl_msg_put_unspec(buf, OVS_PACKET_ATTR_ACTIONS,
d_exec->actions, d_exec->actions_len);
if (d_exec->probe) {
nl_msg_put_flag(buf, OVS_FLOW_ATTR_PROBE);
nl_msg_put_flag(buf, OVS_PACKET_ATTR_PROBE);
}
}