[ovs-dev] [PATCH] odp-util: Fix a use-afer-free bug

Ben Pfaff blp at ovn.org
Mon Oct 8 17:23:33 UTC 2018


Thanks, applied to master, backported as far as 2.7.

On Fri, Oct 05, 2018 at 03:43:03PM -0700, Yifeng Sun wrote:
> This patch should also fix the bug reported at
> https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10802
> 
> On Fri, Oct 5, 2018 at 2:50 PM Yifeng Sun <pkusunyifeng at gmail.com> wrote:
> 
> > After ofpbug_put, actions may have been reallocated and
> > key will point to invalid memory address.
> >
> > Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10796
> > Signed-off-by
> > <https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10796Signed-off-by>:
> > Yifeng Sun <pkusunyifeng at gmail.com>
> > ---
> >  lib/odp-util.c | 9 +++++----
> >  1 file changed, 5 insertions(+), 4 deletions(-)
> >
> > diff --git a/lib/odp-util.c b/lib/odp-util.c
> > index 890c71b7f336..7705bb30ae21 100644
> > --- a/lib/odp-util.c
> > +++ b/lib/odp-util.c
> > @@ -2242,13 +2242,14 @@ parse_odp_action(const char *s, const struct simap
> > *port_names,
> >                  key->nla_len += size;
> >                  ofpbuf_put(actions, mask + 1, size);
> >
> > -                /* Add new padding as needed */
> > -                ofpbuf_put_zeros(actions, NLA_ALIGN(key->nla_len) -
> > -                                          key->nla_len);
> > -
> >                  /* 'actions' may have been reallocated by ofpbuf_put(). */
> >                  nested = ofpbuf_at_assert(actions, start_ofs, sizeof
> > *nested);
> >                  nested->nla_type = OVS_ACTION_ATTR_SET_MASKED;
> > +
> > +                key = nested + 1;
> > +                /* Add new padding as needed */
> > +                ofpbuf_put_zeros(actions, NLA_ALIGN(key->nla_len) -
> > +                                          key->nla_len);
> >              }
> >          }
> >          ofpbuf_uninit(&maskbuf);
> > --
> > 2.7.4
> >
> >
> _______________________________________________
> dev mailing list
> dev at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev


More information about the dev mailing list