[ovs-git] [openvswitch/ovs] 209aa4: ovs-ofctl: Avoid read overrun in ofperr_decode_msg...

GitHub noreply at github.com
Wed Jun 14 15:21:23 UTC 2017


  Branch: refs/heads/master
  Home:   https://github.com/openvswitch/ovs
  Commit: 209aa4ad1370ed00f054fa832b016b92f250f99b
      https://github.com/openvswitch/ovs/commit/209aa4ad1370ed00f054fa832b016b92f250f99b
  Author: Ben Pfaff <blp at ovn.org>
  Date:   2017-06-14 (Wed, 14 Jun 2017)

  Changed paths:
    M include/openvswitch/vconn.h
    M lib/vconn.c
    M utilities/ovs-ofctl.c

  Log Message:
  -----------
  ovs-ofctl: Avoid read overrun in ofperr_decode_msg().

vconn_add_bundle_error() was keeping at most 64 bytes of an OpenFlow
error message, then it was passing it to ofperr_decode_msg(), which assumed
that the full message was available.  This led to a buffer overread.
There's no good reason why it was only keeping the first 64 bytes, so this
commit changes it to keep the whole error message, sidestepping the
problem.

struct vconn_bundle_error only existed for this special case, so remove it
in favor of a chain of ofpbufs.

Found via gcc's address sanitizer.

Reported-by: Lance Richardson <lrichard at redhat.com>
Fixes: 506c1ddb3404 ("vconn: Better bundle error management.")
Signed-off-by: Ben Pfaff <blp at ovn.org>
Acked-by: Jarno Rajahlame <jarno at ovn.org>
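
The overread described in the log message, as an added example that is not taken from the commit or from Open vSwitch's code: a truncated copy of an OpenFlow error still carries a header whose length field describes the original message, so a decoder that trusts that field reads past the copy. The function names, the 100-byte sample and the guard itself are assumptions for illustration; the commit's actual fix was to keep the whole message rather than to add such a check.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define OFP_ERROR_MIN 12  /* 8-byte OpenFlow header + be16 type + be16 code */
#define KEPT_MAX      64  /* truncation limit named in the log message */
#define SAMPLE_LEN   100  /* constructed: any error longer than KEPT_MAX */

/* Constructed sample: an OFPT_ERROR whose header says it is 100 bytes long. */
size_t build_sample(uint8_t *msg)
{
    memset(msg, 0, SAMPLE_LEN);
    msg[0] = 0x04;                 /* version: OpenFlow 1.3 */
    msg[1] = 1;                    /* type: OFPT_ERROR */
    msg[2] = SAMPLE_LEN >> 8;      /* length, big-endian */
    msg[3] = SAMPLE_LEN & 0xff;
    return SAMPLE_LEN;
}

/* Pre-fix pattern: keep only a prefix; the header inside still claims the
 * original length.  Returns the number of bytes actually stored. */
size_t keep_truncated(uint8_t *dst, const uint8_t *msg, size_t msg_len)
{
    size_t n = msg_len < KEPT_MAX ? msg_len : KEPT_MAX;
    memcpy(dst, msg, n);
    return n;
}

/* Hypothetical guard for a decoder: compare the length the header claims
 * with the bytes really held.  Returns the number of error-data bytes that
 * are safe to read, or -1 if decoding would run past the buffer. */
long safe_error_data_len(const uint8_t *buf, size_t avail)
{
    if (avail < OFP_ERROR_MIN) {
        return -1;
    }
    size_t claimed = ((size_t) buf[2] << 8) | buf[3];
    if (claimed < OFP_ERROR_MIN || claimed > avail) {
        return -1;                 /* header claims more than we hold */
    }
    return (long) (claimed - OFP_ERROR_MIN);
}
```
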



