[ovs-git] [openvswitch/ovs] f3f7e7: ovs-ofctl: Avoid read overrun in ofperr_decode_msg...

GitHub noreply at github.com
Wed Jun 14 14:27:34 UTC 2017


  Branch: refs/heads/branch-2.7
  Home:   https://github.com/openvswitch/ovs
  Commit: f3f7e71b3b6ee032e77de18a47b4ac66d358ea0f
      https://github.com/openvswitch/ovs/commit/f3f7e71b3b6ee032e77de18a47b4ac66d358ea0f
  Author: Ben Pfaff <blp at ovn.org>
  Date:   2017-06-14 (Wed, 14 Jun 2017)

  Changed paths:
    M include/openvswitch/vconn.h
    M lib/vconn.c
    M utilities/ovs-ofctl.c

  Log Message:
  -----------
  ovs-ofctl: Avoid read overrun in ofperr_decode_msg().

vconn_add_bundle_error() was keeping at most 64 bytes of an OpenFlow
error message, then it was passing it to ofperr_decode_msg(), which assumed
that the full message was available.  This led to a buffer overread.
There's no good reason why it was only keeping the first 64 bytes, so this
commit changes it to keep the whole error message, sidestepping the
problem.

struct vconn_bundle_error only existed for this special case, so remove it
in favor of a chain of ofpbufs.

Found via gcc's address sanitizer.

Reported-by: Lance Richardson <lrichard at redhat.com>
Fixes: 506c1ddb3404 ("vconn: Better bundle error management.")
Signed-off-by: Ben Pfaff <blp at ovn.org>
Acked-by: Jarno Rajahlame <jarno at ovn.org>




More information about the git mailing list