[ovs-git] [openvswitch/ovs] 209aa4: ovs-ofctl: Avoid read overrun in ofperr_decode_msg...

GitHub noreply at github.com
Wed Jun 14 15:21:23 UTC 2017

  Branch: refs/heads/master
  Home:   https://github.com/openvswitch/ovs
  Commit: 209aa4ad1370ed00f054fa832b016b92f250f99b
  Author: Ben Pfaff <blp at ovn.org>
  Date:   2017-06-14 (Wed, 14 Jun 2017)

  Changed paths:
    M include/openvswitch/vconn.h
    M lib/vconn.c
    M utilities/ovs-ofctl.c

  Log Message:
  ovs-ofctl: Avoid read overrun in ofperr_decode_msg().

vconn_add_bundle_error() was keeping at most 64 bytes of an OpenFlow
error message, then it was passing it to ofperr_decode_msg(), which assumed
that the full message was available.  This led to a buffer overread.
There's no good reason why it was only keeping the first 64 bytes, so this
commit changes it to keep the whole error message, sidestepping the

struct vconn_bundle_error only existed for this special case, so remove it
in favor of a chain of ofpbufs.

Found via gcc's address sanitizer.

Reported-by: Lance Richardson <lrichard at redhat.com>
Fixes: 506c1ddb3404 ("vconn: Better bundle error management.")
Signed-off-by: Ben Pfaff <blp at ovn.org>
Acked-by: Jarno Rajahlame <jarno at ovn.org>

More information about the git mailing list