[ovs-dev] [PATCH] flow: Fix buffer overread in flow_hash_symmetric_l3l4().
Ben Pfaff
blp at ovn.org
Fri May 26 23:46:36 UTC 2017
IPv6 addresses have 2 64-bit parts, but this code thought they have 4.
Found by Coverity.
Reported-at: https://scan3.coverity.com/reports.htm#v16889/p10449/fileInstanceId=14762918&defectInstanceId=4304099&mergedDefectId=179866
Signed-off-by: Ben Pfaff <blp at ovn.org>
---
lib/flow.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/flow.c b/lib/flow.c
index 7f98a46ae737..52e10084bbee 100644
--- a/lib/flow.c
+++ b/lib/flow.c
@@ -1928,7 +1928,7 @@ flow_hash_symmetric_l3l4(const struct flow *flow, uint32_t basis,
const uint64_t *a = ALIGNED_CAST(uint64_t *, flow->ipv6_src.s6_addr);
const uint64_t *b = ALIGNED_CAST(uint64_t *, flow->ipv6_dst.s6_addr);
- for (int i = 0; i < 4; i++) {
+ for (int i = 0; i < 2; i++) {
hash = hash_add64(hash, a[i] ^ b[i]);
}
} else {
--
2.10.2
More information about the dev
mailing list