[ovs-git] [openvswitch/ovs] 1f9bf1: ofp-util: Fix buffer overread in ofputil_pull_queu...
noreply at github.com
Thu May 25 21:25:51 UTC 2017
Author: Ben Pfaff <blp at ovn.org>
Date: 2017-05-25 (Thu, 25 May 2017)
ofp-util: Fix buffer overread in ofputil_pull_queue_get_config_reply10().
msg->size isn't the relevant measurement here because we're only supposed
to read 'len' bytes. Reading more than that causes 'len' to underflow to a
large number at the end of the loop.
Reported-by: Bhargava Shastry <bshastry at sec.t-labs.tu-berlin.de>
Signed-off-by: Ben Pfaff <blp at ovn.org>
Acked-by: Greg Rose <gvrose8192 at gmail.com>
More information about the git