[ovs-dev] [PATCH] ofp-util: Avoid use-after-free in ofputil_encode_flow_mod().
Justin Pettit
jpettit at nicira.com
Sun Jun 24 18:42:14 UTC 2012
Looks good. Thanks.
BTW, I'm planning to release 1.6.1 soon. Anything else you want to get in?
--Justin
On Jun 24, 2012, at 1:34 AM, Ben Pfaff wrote:
> nx_put_match() can reallocate the ofpbuf's data so we need to reload the
> pointer.
>
> Found by inspection.
>
> Signed-off-by: Ben Pfaff <blp at nicira.com>
> ---
> lib/ofp-util.c | 1 +
> 1 files changed, 1 insertions(+), 0 deletions(-)
>
> diff --git a/lib/ofp-util.c b/lib/ofp-util.c
> index 6d820b2..cc3c9fd 100644
> --- a/lib/ofp-util.c
> +++ b/lib/ofp-util.c
> @@ -1776,6 +1776,7 @@ ofputil_encode_flow_mod(const struct ofputil_flow_mod *fm,
> nfm->cookie = fm->new_cookie;
> match_len = nx_put_match(msg, false, &fm->cr,
> fm->cookie, fm->cookie_mask);
> + nfm = msg->data;
> nfm->idle_timeout = htons(fm->idle_timeout);
> nfm->hard_timeout = htons(fm->hard_timeout);
> nfm->priority = htons(fm->cr.priority);
> --
> 1.7.2.5
>
> _______________________________________________
> dev mailing list
> dev at openvswitch.org
> http://openvswitch.org/mailman/listinfo/dev
More information about the dev
mailing list