[ovs-dev] [PATCH] ofproto-dpif: Avoid bad pointer dereference in execute_odp_actions().
Ethan Jackson
ethan at nicira.com
Thu Oct 13 18:15:57 UTC 2011
Looks good.
Ethan
On Thu, Oct 13, 2011 at 10:17, Ben Pfaff <blp at nicira.com> wrote:
> execute_odp_actions() can be passed a zero-length set of actions, in which
> case it may not dereference its 'odp_actions' parameter at all, but in fact
> it did do so. In at least one corner case, odp_actions can be NULL, so
> that this caused a segfault.
>
> Introduced in commit 98403001ec "datapath: Move Netlink PID for userspace
> actions from flows to actions."
>
> Reported-by: Pravin Shelar <pshelar at nicira.com>
> ---
> ofproto/ofproto-dpif.c | 6 ++++--
> 1 files changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/ofproto/ofproto-dpif.c b/ofproto/ofproto-dpif.c
> index 36635fc..8e5a863 100644
> --- a/ofproto/ofproto-dpif.c
> +++ b/ofproto/ofproto-dpif.c
> @@ -2207,8 +2207,10 @@ execute_odp_actions(struct ofproto_dpif *ofproto, const struct flow *flow,
> struct ofpbuf key;
> int error;
>
> - if (odp_actions->nla_type == OVS_ACTION_ATTR_USERSPACE
> - && NLA_ALIGN(odp_actions->nla_len) == actions_len) {
> + if (actions_len == 0) {
> + return true;
> + } else if (odp_actions->nla_type == OVS_ACTION_ATTR_USERSPACE
> + && NLA_ALIGN(odp_actions->nla_len) == actions_len) {
> struct user_action_cookie cookie;
> struct dpif_upcall upcall;
> uint64_t cookie_u64;
> --
> 1.7.4.4
>
> _______________________________________________
> dev mailing list
> dev at openvswitch.org
> http://openvswitch.org/mailman/listinfo/dev
>
More information about the dev
mailing list