[ovs-dev] [PATCH] odp-utils: Fix memory corruption while flow parsing.
Gurucharan Shetty
shettyg at nicira.com
Fri Mar 22 23:31:11 UTC 2013
Currently, when flow attribute type is greater than OVS_KEY_ATTR_MAX,
we can write into a random memory address causing corruption. Fix it.
Bug #15702.
Signed-off-by: Gurucharan Shetty <gshetty at nicira.com>
---
lib/odp-util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/odp-util.c b/lib/odp-util.c
index f9e9321..72da40d 100644
--- a/lib/odp-util.c
+++ b/lib/odp-util.c
@@ -1728,7 +1728,7 @@ parse_flow_nlattrs(const struct nlattr *key, size_t key_len,
return false;
}
- if (type >= CHAR_BIT * sizeof present_attrs) {
+ if (type > OVS_KEY_ATTR_MAX) {
*out_of_range_attrp = type;
} else {
if (present_attrs & (UINT64_C(1) << type)) {
--
1.7.9.5
More information about the dev
mailing list