[ovs-git] [openvswitch/ovs] a99e91: odp-util: Fix buffer overread in parsing string fo...

GitHub noreply at github.com
Mon Nov 27 19:19:04 UTC 2017


  Branch: refs/heads/branch-2.6
  Home:   https://github.com/openvswitch/ovs
  Commit: a99e918848f18e552fdaacaf7ff760ede554f67c
      https://github.com/openvswitch/ovs/commit/a99e918848f18e552fdaacaf7ff760ede554f67c
  Author: Ben Pfaff <blp at ovn.org>
  Date:   2017-11-27 (Mon, 27 Nov 2017)

  Changed paths:
    M lib/odp-util.c

  Log Message:
  -----------
  odp-util: Fix buffer overread in parsing string form of ODP flows.

scan_u128() should return 0 on an error but it actually returned an errno
value in some cases, so a command like this:
    ovs-appctl dpctl/add-flow 'ct_label(1/55555555555555555555555555)' ''
could cause a buffer overread.

This bug is not as severe as it may sound because the string form of ODP
flows is not used over OpenFlow or OVSDB, only through the appctl interface
that is normally used just by local system administrators and not exposed
over a network.

Reported-by: Bhargava Shastry <bshastry at sec.t-labs.tu-berlin.de>
Signed-off-by: Ben Pfaff <blp at ovn.org>
Acked-by: Joe Stringer <joe at ovn.org>
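
The return-value mix-up the log message describes, as an added illustration that is not part of the commit or of lib/odp-util.c: a simplified model in which a scanner whose contract is "bytes consumed, 0 on error" passes up its helper's errno instead. The names parse_num, scan_value_mask and check_cursor, and the 64-bit value/mask format, are assumptions made for this example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, errno-style contract: 0 on success, errno on error. */
static int parse_num(const char *s, uint64_t *out, const char **end)
{
    char *e;
    errno = 0;
    *out = strtoull(s, &e, 10);
    *end = e;
    return e == s ? EINVAL : errno;      /* ERANGE when the number overflows */
}

/* Hypothetical scanner, length-style contract: bytes consumed, 0 on error.
 * fixed == 0 models the mix-up: the helper's errno is returned unchanged. */
static int scan_value_mask(const char *s, uint64_t *v, uint64_t *m, int fixed)
{
    const char *p;
    if (parse_num(s, v, &p)) {
        return 0;
    }
    *m = UINT64_MAX;
    if (*p == '/') {
        int error = parse_num(p + 1, m, &p);
        if (error) {
            return fixed ? 0 : error;    /* errno leaks out as a "length" */
        }
    }
    return (int)(p - s);
}

/* What a caller sees: 0 = input rejected, 1 = cursor stays inside the
 * string, -1 = advancing by the result would pass the terminating NUL. */
static int check_cursor(const char *s, int fixed)
{
    uint64_t v, m;
    int n = scan_value_mask(s, &v, &m, fixed);
    return n == 0 ? 0 : ((size_t)n <= strlen(s) ? 1 : -1);
}

int main(void)
{
    const char *bad = "1/55555555555555555555555555"; /* operand from the log message */
    printf("errno as length: %d, 0 on error: %d\n", check_cursor(bad, 0), check_cursor(bad, 1));
    return 0;
}
```

In the model the overflowing mask yields ERANGE, which a caller that adds the result to its cursor would treat as a length larger than the input itself. Returning 0 on every error path restores the contract and the input is rejected.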



