[ovs-dev] [PATCH v2] dynamic-string: fix a crash in ds_clone()

Sriharsha Basavapatna sriharsha.basavapatna at broadcom.com
Thu Aug 12 06:33:33 UTC 2021


In netdev_offload_dpdk_flow_create() when an offload request fails,
dump_flow() is called to log a warning message. The 's_tnl' string
in flow_patterns gets initialized in vport_to_rte_tunnel() conditionally
via ds_put_format(). If it is not initialized, it crashes later in
dump_flow_attr()->ds_clone()->memcpy() while dereferencing this string.

To fix this, check if memory for the src string has been allocated,
before copying it to the dst string.

Fixes: fa44a4a3ff7b ("ovn-controller: Persist desired conntrack groups.")
Signed-off-by: Sriharsha Basavapatna <sriharsha.basavapatna at broadcom.com>

---

v1->v2: fix ds_clone(); ds_cstr() not needed in callers.

---

 lib/dynamic-string.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/dynamic-string.c b/lib/dynamic-string.c
index 6f7b610a9..fd0127ed1 100644
--- a/lib/dynamic-string.c
+++ b/lib/dynamic-string.c
@@ -460,6 +460,10 @@ ds_chomp(struct ds *ds, int c)
 void
 ds_clone(struct ds *dst, struct ds *source)
 {
+    if (!source->allocated) {
+        ds_init(dst);
+        return;
+    }
     dst->length = source->length;
     dst->allocated = dst->length;
     dst->string = xmalloc(dst->allocated + 1);
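
Review bot: The new guard at the top of ds_clone() tests `source->allocated`, but the pointer that the following copy dereferences is `source->string`, so the check only holds if every `struct ds` with `allocated == 0` also has a NULL `string`, and vice versa. Testing `if (!source->string)` would state the condition directly, or a one-line comment above the check could spell out the invariant being relied on. The guard also only helps when the source struct was zeroed or passed through ds_init(); if 's_tnl' is genuinely uninitialized stack memory, as the commit message's wording suggests, `allocated` holds garbage and the copy path is still reached, so the caller should initialize the string unconditionally as well.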
-- 
2.30.0.349.g30b29f044a

