[ovs-git] [openvswitch/ovs] f3f7e7: ovs-ofctl: Avoid read overrun in ofperr_decode_msg...
noreply at github.com
Wed Jun 14 14:27:34 UTC 2017
Author: Ben Pfaff <blp at ovn.org>
Date: 2017-06-14 (Wed, 14 Jun 2017)

ovs-ofctl: Avoid read overrun in ofperr_decode_msg().

vconn_add_bundle_error() was keeping at most 64 bytes of an OpenFlow
error message, then it was passing it to ofperr_decode_msg(), which assumed
that the full message was available. This led to a buffer overread.

There's no good reason why it was only keeping the first 64 bytes, so this
commit changes it to keep the whole error message, sidestepping the
struct vconn_bundle_error only existed for this special case, so remove it
in favor of a chain of ofpbufs.

Found via gcc's address sanitizer.

Reported-by: Lance Richardson <lrichard at redhat.com>
Fixes: 506c1ddb3404 ("vconn: Better bundle error management.")
Signed-off-by: Ben Pfaff <blp at ovn.org>
Acked-by: Jarno Rajahlame <jarno at ovn.org>
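
The overread described in the commit message, as an added example that is not part of the commit and is not Open vSwitch code: a 100-byte error message is cut to 64 bytes, and a decoder that trusts the length in the header would read past the end of the copy. The function names, the simplified message layout, and the sample bytes are constructed for illustration, and the length check shown is one generic defense, whereas the commit instead keeps the whole message.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified OpenFlow error layout: 8-byte header (version, type, 16-bit
 * big-endian length, xid), 16-bit error type, 16-bit error code, payload. */
enum { OFP_ERROR_MIN_LEN = 12, KEPT_BYTES = 64, SAMPLE_LEN = 100 };

/* Length the message claims for itself (header bytes 2 and 3). */
static size_t claimed_len(const uint8_t *msg)
{
    return ((size_t) msg[2] << 8) | msg[3];
}

/* Bytes a decoder that trusts the header would read past 'avail' bytes. */
static size_t overread_bytes(const uint8_t *buf, size_t avail)
{
    size_t len = claimed_len(buf);
    return len > avail ? len - avail : 0;
}

/* Hypothetical checked decoder: returns the payload size, or -1 when the
 * buffer holds fewer bytes than the header claims. */
static long decode_error_checked(const uint8_t *buf, size_t avail)
{
    if (avail < OFP_ERROR_MIN_LEN || claimed_len(buf) < OFP_ERROR_MIN_LEN
        || claimed_len(buf) > avail) {
        return -1;
    }
    return (long) (claimed_len(buf) - OFP_ERROR_MIN_LEN);
}

/* Constructed sample: a 100-byte error message, optionally cut to 64 bytes
 * the way the old bundle-error record was. Returns the decode result. */
static long decode_sample(int truncate, size_t *overread)
{
    uint8_t full[SAMPLE_LEN] = { 0x05, 0x01, 0x00, SAMPLE_LEN }, kept[KEPT_BYTES];
    memcpy(kept, full, sizeof kept);
    const uint8_t *buf = truncate ? kept : full;
    size_t avail = truncate ? sizeof kept : sizeof full;
    *overread = overread_bytes(buf, avail);
    return decode_error_checked(buf, avail);
}

int main(void)
{
    size_t over;
    long full = decode_sample(0, &over), cut = decode_sample(1, &over);
    printf("full=%ld truncated=%ld overread=%zu\n", full, cut, over);
    return 0;
}
```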