[ovs-dev] [PATCH] flow: Fix buffer overread in flow_hash_symmetric_l3l4().

Ben Pfaff blp at ovn.org
Fri May 26 23:46:36 UTC 2017


IPv6 addresses have 2 64-bit parts, but this code thought they have 4.

Found by Coverity.

Reported-at: https://scan3.coverity.com/reports.htm#v16889/p10449/fileInstanceId=14762918&defectInstanceId=4304099&mergedDefectId=179866
Signed-off-by: Ben Pfaff <blp at ovn.org>
---
 lib/flow.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/flow.c b/lib/flow.c
index 7f98a46ae737..52e10084bbee 100644
--- a/lib/flow.c
+++ b/lib/flow.c
@@ -1928,7 +1928,7 @@ flow_hash_symmetric_l3l4(const struct flow *flow, uint32_t basis,
         const uint64_t *a = ALIGNED_CAST(uint64_t *, flow->ipv6_src.s6_addr);
         const uint64_t *b = ALIGNED_CAST(uint64_t *, flow->ipv6_dst.s6_addr);
 
-        for (int i = 0; i < 4; i++) {
+        for (int i = 0; i < 2; i++) {
             hash = hash_add64(hash, a[i] ^ b[i]);
         }
     } else {
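Review bot: The corrected bound in `for (int i = 0; i < 2; i++)` is still a bare literal, which is how the earlier count of 4 went unnoticed. Consider deriving it from the types, for example `sizeof flow->ipv6_src / sizeof *a`, so the loop cannot index past the two 64-bit words of the address if the cast type or the field ever changes. A one-line comment stating that `a` and `b` view each IPv6 address as two 64-bit words would also make the intent clear to the next reader.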
-- 
2.10.2


