[ovs-dev] ofp-actions: Fix use-after-free with ofpact_finish().

Ryan Moats rmoats at us.ibm.com
Fri Mar 18 16:10:40 UTC 2016


---- Original Message ----
> ofpact_finish() may now reallocate the buffer it is passed, but not all
> callers updated their local pointers to the current action in the
> buffer. This could potentially lead to several use-after-free bugs.
>
> Update ofpact_finish() to return the new pointer to the ofpact which is
> provided, and update the calling points to ensure that their local
> pointers are pointing into the correct (potentially reallocated) buffer.
>
> Fixes: 2bd318dec242 ("ofp-actions: Make composing actions harder to screw up.")
> Reported-by: William Tu <u9012063 at gmail.com>
> Signed-off-by: Joe Stringer <joe at ovn.org>

Acked-by: Ryan Moats <rmoats at us.ibm.com>
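
The stale-pointer pattern the commit message describes, as an added example that is not part of this thread or of the Open vSwitch code. `struct buf`, `struct act`, `buf_put_zeros()`, `act_finish()` and `compose()` are hypothetical stand-ins, and the buffer is made to move on every growth so the effect is deterministic.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical buffer and action header for illustration; not the OVS types. */
struct buf { char *data; size_t size, cap; unsigned moves; };
struct act { uint16_t type, len; uint32_t arg; };

/* Append n zeroed bytes. Growth is exact and always allocates a new block, so
 * every pointer handed out earlier dangles after a move: a constructed worst
 * case of what realloc() is permitted to do. */
static void *buf_put_zeros(struct buf *b, size_t n)
{
    if (b->size + n > b->cap) {
        char *fresh = calloc(1, b->size + n);
        if (!fresh) abort();
        if (b->size) memcpy(fresh, b->data, b->size);
        free(b->data);
        b->data = fresh;
        b->cap = b->size + n;
        b->moves++;
    }
    b->size += n;
    return b->data + b->size - n;
}

/* Pad the action to a multiple of 8 bytes and record its length. Padding can
 * move the buffer, so keep the offset and return the relocated pointer. */
static struct act *act_finish(struct buf *b, struct act *a)
{
    size_t off = (size_t) ((char *) a - b->data);  /* taken before growth */
    size_t len = b->size - off;
    buf_put_zeros(b, (8 - len % 8) % 8);
    a = (struct act *) (b->data + off);            /* old 'a' may be freed */
    a->len = (uint16_t) (b->size - off);
    return a;
}

/* Caller pattern: continue only with the pointer act_finish() returns. */
static struct act *compose(struct buf *b, uint32_t arg, size_t payload)
{
    struct act *a = buf_put_zeros(b, sizeof *a + payload);
    a->type = 1;
    a->arg = arg;
    a = act_finish(b, a);   /* dropping this assignment leaves 'a' stale */
    return a;
}

int main(void) { struct buf b = {0}; return compose(&b, 7, 3)->len != 16; }
```

Building a variant that drops the reassignment in `compose()` with `-fsanitize=address` reports the resulting access as a heap-use-after-free.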


