mir/ovs
2
0
Fork 0
mirror of https://github.com/openvswitch/ovs synced 2025-08-30 22:05:19 +00:00
Code Issues Releases Wiki Activity

flow: Avoid buffer overread in parse_nsh() for malformed packet.

Browse Source 
Found by libfuzzer.

CC: Jan Scheurich <jan.scheurich@ericsson.com>
Fixes: 7edef47b48 ("NSH: Minor bugfixes")
Reported-by: Bhargava Shastry <bshastry@sec.t-labs.tu-berlin.de>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Jan Scheurich <jan.scheurich@ericsson.com>
This commit is contained in:
Ben Pfaff
2017-11-29 08:30:00 -08:00
parent 134fefa4de
commit 14fae3e093
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/flow.c
View File

@@ -553,7 +553,7 @@ parse_nsh(const void **datap, size_t *sizep, struct flow_nsh *key)
/* NSH header length is in 4 byte words. */
length = ((ver_flags_len & NSH_LEN_MASK) >> NSH_LEN_SHIFT) << 2;
if (version != 0) {
if (length > *sizep || version != 0) {
return false;
}