[ovs-git] [openvswitch/ovs] 49ac22: ovs-ofctl: Avoid read overrun in ofperr_decode_msg...
GitHub
noreply at github.com
Wed Jun 14 14:30:47 UTC 2017
Branch: refs/heads/branch-2.6
Home: https://github.com/openvswitch/ovs
Commit: 49ac2209be05275d8903118956d7c32c47cb21fe
https://github.com/openvswitch/ovs/commit/49ac2209be05275d8903118956d7c32c47cb21fe
Author: Ben Pfaff <blp at ovn.org>
Date: 2017-06-14 (Wed, 14 Jun 2017)
Changed paths:
M include/openvswitch/vconn.h
M lib/vconn.c
M utilities/ovs-ofctl.c
Log Message:
-----------
ovs-ofctl: Avoid read overrun in ofperr_decode_msg().
vconn_add_bundle_error() was keeping at most 64 bytes of an OpenFlow
error message, then it was passing it to ofperr_decode_msg(), which assumed
that the full message was available. This led to a buffer overread.
There's no good reason why it was only keeping the first 64 bytes, so this
commit changes it to keep the whole error message, sidestepping the
problem.
struct vconn_bundle_error only existed for this special case, so remove it
in favor of a chain of ofpbufs.
Found via gcc's address sanitizer.
Reported-by: Lance Richardson <lrichard at redhat.com>
Fixes: 506c1ddb3404 ("vconn: Better bundle error management.")
Signed-off-by: Ben Pfaff <blp at ovn.org>
Acked-by: Jarno Rajahlame <jarno at ovn.org>
More information about the git
mailing list