[ovs-git] [openvswitch/ovs] 7b7b18: ofp-util: Fix buffer overread in ofputil_pull_queu...
GitHub
noreply at github.com
Thu May 25 21:25:45 UTC 2017
Branch: refs/heads/branch-2.7
Home: https://github.com/openvswitch/ovs
Commit: 7b7b186a8d40fc6f287cef2582702181da74bdc3
https://github.com/openvswitch/ovs/commit/7b7b186a8d40fc6f287cef2582702181da74bdc3
Author: Ben Pfaff <blp at ovn.org>
Date: 2017-05-25 (Thu, 25 May 2017)
Changed paths:
M lib/ofp-util.c
Log Message:
-----------
ofp-util: Fix buffer overread in ofputil_pull_queue_get_config_reply10().

msg->size isn't the relevant measurement here because we're only supposed
to read 'len' bytes. Reading more than that causes 'len' to underflow to a
large number at the end of the loop.

Reported-by: Bhargava Shastry <bshastry at sec.t-labs.tu-berlin.de>
Signed-off-by: Ben Pfaff <blp at ovn.org>
Acked-by: Greg Rose <gvrose8192 at gmail.com>
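
The failure mode the log message describes, as an added example constructed here (not code from OVS or from this commit): a nested-length parser whose loop is bounded by the bytes left in the whole message instead of by the record's own 'len'. The wire format, `walk_record`, `bound_by_len` and `sample_msg` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed format, not OpenFlow's: a record is a 2-byte big-endian 'len'
 * covering the properties that follow; each property is a 2-byte big-endian
 * length (its own header included) plus payload. Records sit back to back. */
static const uint8_t sample_msg[] = {
    0x00, 0x04,  0x00, 0x04, 0xaa, 0xaa,   /* record 1: len 4, one property */
    0x00, 0x02,  0x00, 0x02,               /* record 2: len 2, one property */
};

static size_t be16(const uint8_t *p) { return (size_t)p[0] << 8 | p[1]; }

/* Walk the first record's properties. bound_by_len == 0 limits the loop by the
 * bytes left in the whole message (the overread pattern); 1 limits it by the
 * record's own 'len'. Returns 0 on success, -1 on malformed input. */
int walk_record(const uint8_t *msg, size_t size, int bound_by_len,
                size_t *len_after, size_t *consumed)
{
    if (size < 2) return -1;
    size_t len = be16(msg), left = size - 2, off = 2;
    if (len > left) return -1;

    while (bound_by_len ? len > 0 : left > 0) {
        size_t limit = bound_by_len ? len : left;
        if (limit < 2) return -1;             /* no room for a property header */
        size_t plen = be16(msg + off);
        if (plen < 2 || plen > limit) return -1;
        off += plen;
        left -= plen;
        len -= plen;                          /* wraps once plen exceeds len */
    }
    *len_after = len;
    *consumed = off;
    return 0;
}

int main(void)
{
    size_t len, used;
    for (int fixed = 0; fixed <= 1; fixed++) {
        if (walk_record(sample_msg, sizeof sample_msg, fixed, &len, &used) == 0)
            printf("bound_by_len=%d: consumed %zu bytes, len is now %zu\n", fixed, used, len);
    }
    return 0;
}
```

Bounded by the message size, the walk runs on into record 2 and leaves 'len' wrapped to a value near SIZE_MAX; bounded by 'len', it stops after the 6 bytes that belong to record 1.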