mir/ovs
2
0
Fork 0
mirror of https://github.com/openvswitch/ovs synced 2025-08-31 14:25:26 +00:00
Code Issues Releases Wiki Activity

ofp-actions: Prevent integer overflow in decode.

Browse Source 
When decoding a variable-length action, if the length of the action
exceeds the length storable in a uint16_t then something has gone
terribly wrong. Assert that this is not the case.

Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Jarno Rajahalme <jarno@ovn.org>
This commit is contained in:
Joe Stringer
2016-03-03 21:22:50 +13:00
parent 19b58f3cbc
commit 5308056f53
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/ofp-actions.c
View File

@@ -7401,8 +7401,12 @@ ofpact_init(struct ofpact *ofpact, enum ofpact_type type, size_t len)
void
ofpact_finish(struct ofpbuf *ofpacts, struct ofpact *ofpact)
{
ptrdiff_t len;
ovs_assert(ofpact == ofpacts->header);
ofpact->len = (char *) ofpbuf_tail(ofpacts) - (char *) ofpact;
len = (char *) ofpbuf_tail(ofpacts) - (char *) ofpact;
ovs_assert(len <= UINT16_MAX);
ofpact->len = len;
ofpbuf_padto(ofpacts, OFPACT_ALIGN(ofpacts->size));
}