[ovs-dev] [PATCH] ofp-util: Avoid use-after-free in ofputil_encode_flow_mod().

Ben Pfaff blp at nicira.com
Tue Jun 26 00:08:58 UTC 2012


Thanks, I pushed this to master, branch-1.[567].  It didn't apply to
branch-1.4.

On Sun, Jun 24, 2012 at 02:42:14PM -0400, Justin Pettit wrote:
> Looks good.  Thanks.
> 
> BTW, I'm planning to release 1.6.1 soon.  Anything else you want to get in?
> 
> --Justin
> 
> 
> On Jun 24, 2012, at 1:34 AM, Ben Pfaff wrote:
> 
> > nx_put_match() can reallocate the ofpbuf's data so we need to reload the
> > pointer.
> > 
> > Found by inspection.
> > 
> > Signed-off-by: Ben Pfaff <blp at nicira.com>
> > ---
> > lib/ofp-util.c |    1 +
> > 1 files changed, 1 insertions(+), 0 deletions(-)
> > 
> > diff --git a/lib/ofp-util.c b/lib/ofp-util.c
> > index 6d820b2..cc3c9fd 100644
> > --- a/lib/ofp-util.c
> > +++ b/lib/ofp-util.c
> > @@ -1776,6 +1776,7 @@ ofputil_encode_flow_mod(const struct ofputil_flow_mod *fm,
> >         nfm->cookie = fm->new_cookie;
> >         match_len = nx_put_match(msg, false, &fm->cr,
> >                                  fm->cookie, fm->cookie_mask);
> > +        nfm = msg->data;
> >         nfm->idle_timeout = htons(fm->idle_timeout);
> >         nfm->hard_timeout = htons(fm->hard_timeout);
> >         nfm->priority = htons(fm->cr.priority);
> > -- 
> > 1.7.2.5
> > 
> > _______________________________________________
> > dev mailing list
> > dev at openvswitch.org
> > http://openvswitch.org/mailman/listinfo/dev
> 



More information about the dev mailing list