[ovs-dev] [valgrind 1/2] Zero padding bytes in odp_key_ipv4, odp_key_arp.

Justin Pettit jpettit at nicira.com
Thu Feb 3 22:44:40 UTC 2011


Since you sent this out for review, we pushed the IPv6 code.  The ipv6_key structure has a similar hole to IPv4.  Would you mind adding it to this commit before you push?

--Justin


On Feb 1, 2011, at 11:43 AM, Ben Pfaff wrote:

> This is a potential security issue for the kernel.  In userspace it just
> provokes false-positive valgrind warnings (which is how I found it).
> 
> Signed-off-by: Ben Pfaff <blp at nicira.com>
> ---
> datapath/flow.c |    2 ++
> lib/odp-util.c  |    2 ++
> 2 files changed, 4 insertions(+), 0 deletions(-)
> 
> diff --git a/datapath/flow.c b/datapath/flow.c
> index eb67cf4..d678769 100644
> --- a/datapath/flow.c
> +++ b/datapath/flow.c
> @@ -622,6 +622,7 @@ int flow_to_nlattrs(const struct sw_flow_key *swkey, struct sk_buff *skb)
> 		if (!nla)
> 			goto nla_put_failure;
> 		ipv4_key = nla_data(nla);
> +		memset(ipv4_key, 0, sizeof *ipv4_key);
> 		ipv4_key->ipv4_src = swkey->nw_src;
> 		ipv4_key->ipv4_dst = swkey->nw_dst;
> 		ipv4_key->ipv4_proto = swkey->nw_proto;
> @@ -662,6 +663,7 @@ int flow_to_nlattrs(const struct sw_flow_key *swkey, struct sk_buff *skb)
> 		if (!nla)
> 			goto nla_put_failure;
> 		arp_key = nla_data(nla);
> +		memset(arp_key, 0, sizeof *arp_key);
> 		arp_key->arp_sip = swkey->nw_src;
> 		arp_key->arp_tip = swkey->nw_dst;
> 		arp_key->arp_op = htons(swkey->nw_proto);
> diff --git a/lib/odp-util.c b/lib/odp-util.c
> index e50b578..34267c6 100644
> --- a/lib/odp-util.c
> +++ b/lib/odp-util.c
> @@ -381,6 +381,7 @@ odp_flow_key_from_flow(struct ofpbuf *buf, const struct flow *flow)
> 
>         ipv4_key = nl_msg_put_unspec_uninit(buf, ODP_KEY_ATTR_IPV4,
>                                             sizeof *ipv4_key);
> +        memset(ipv4_key, 0, sizeof *ipv4_key);
>         ipv4_key->ipv4_src = flow->nw_src;
>         ipv4_key->ipv4_dst = flow->nw_dst;
>         ipv4_key->ipv4_proto = flow->nw_proto;
> @@ -413,6 +414,7 @@ odp_flow_key_from_flow(struct ofpbuf *buf, const struct flow *flow)
> 
>         arp_key = nl_msg_put_unspec_uninit(buf, ODP_KEY_ATTR_ARP,
>                                            sizeof *arp_key);
> +        memset(arp_key, 0, sizeof *arp_key);
>         arp_key->arp_sip = flow->nw_src;
>         arp_key->arp_tip = flow->nw_dst;
>         arp_key->arp_op = htons(flow->nw_proto);
> -- 
> 1.7.1
> 
> 
> _______________________________________________
> dev mailing list
> dev at openvswitch.org
> http://openvswitch.org/mailman/listinfo/dev_openvswitch.org





More information about the dev mailing list