[ovs-git] [openvswitch/ovs] 806f30: pinctrl: Be more careful in parsing DHCPv6.

GitHub noreply at github.com
Thu May 25 21:32:43 UTC 2017


  Branch: refs/heads/branch-2.7
  Home:   https://github.com/openvswitch/ovs
  Commit: 806f30662ae0f44f3c48808fd87400246e88d141
      https://github.com/openvswitch/ovs/commit/806f30662ae0f44f3c48808fd87400246e88d141
  Author: Ben Pfaff <blp at ovn.org>
  Date:   2017-05-25 (Thu, 25 May 2017)

  Changed paths:
    M ovn/controller/pinctrl.c

  Log Message:
  -----------
  pinctrl: Be more careful in parsing DHCPv6.

pinctrl_handle_put_dhcpv6_opts() did not check that a full UDP header was
present before reading its udp_len field.  This patch fixes the problem.

I don't think that the system as a whole, as normally installed, was
exploitable.  This is because pinctrl processes a packet sent to it from
ovs-vswitchd.  ovs-vswitchd only sends it UDPv6 DHCPv6 packets.  To
determine that the packets are DHCPv6, ovs-vswitchd has to see its UDP port
numbers are those for DHCPv6, and it's only going to see that if an entire
UDP header is present.  Therefore, this part of pinctrl will only ever
process a packet for which udp_len is there.

Reported-by: Bhargava Shastry <bshastry at sec.t-labs.tu-berlin.de>
Signed-off-by: Ben Pfaff <blp at ovn.org>
Acked-by: Greg Rose <gvrose8192 at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>
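
The check the log message describes, as an added C illustration that is not part of the commit or of pinctrl.c: the header length is tested before the UDP length field is read, and the field is then compared with the bytes actually received. The function name, constants and sample packets are hypothetical and constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define UDP_HDR_LEN 8        /* src port, dst port, length, checksum */
#define DHCPV6_MIN_LEN 4     /* msg-type (1 byte) + transaction-id (3 bytes) */

/* Big-endian 16-bit read that does not assume alignment. */
static uint16_t rd_be16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Hypothetical helper: l4 points at the UDP header and l4_len is the number
 * of bytes really present from there to the end of the buffer.  Returns the
 * DHCPv6 msg-type (0..255), or -1 if the packet is too short to parse. */
int dhcpv6_msg_type(const uint8_t *l4, size_t l4_len)
{
    if (l4 == NULL || l4_len < UDP_HDR_LEN) {
        return -1;           /* truncated header: udp_len is not there to read */
    }
    uint16_t udp_len = rd_be16(l4 + 4);
    if (udp_len < UDP_HDR_LEN + DHCPV6_MIN_LEN || udp_len > l4_len) {
        return -1;           /* length field disagrees with what was received */
    }
    return l4[UDP_HDR_LEN];  /* first payload byte is the DHCPv6 msg-type */
}

/* Constructed sample: ports 546 -> 547, udp_len 12, checksum left zero,
 * DHCPv6 Solicit (msg-type 1) with a made-up transaction id. */
static const uint8_t sample_ok[] = {
    0x02, 0x22, 0x02, 0x23, 0x00, 0x0c, 0x00, 0x00,
    0x01, 0xaa, 0xbb, 0xcc
};
/* Constructed sample: same bytes, but udp_len claims 64. */
static const uint8_t sample_lying_len[] = {
    0x02, 0x22, 0x02, 0x23, 0x00, 0x40, 0x00, 0x00,
    0x01, 0xaa, 0xbb, 0xcc
};

int main(void)
{
    printf("ok=%d\n", dhcpv6_msg_type(sample_ok, sizeof sample_ok));
    printf("truncated=%d\n", dhcpv6_msg_type(sample_ok, 5));
    printf("lying_len=%d\n",
           dhcpv6_msg_type(sample_lying_len, sizeof sample_lying_len));
    return 0;
}
```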



