[ovs-git] [openvswitch/ovs] 4fe080: flow: Fix buffer overread for crafted IPv6 packets...
GitHub
noreply at github.com
Tue Jul 10 04:02:09 UTC 2018
Branch: refs/heads/master
Home: https://github.com/openvswitch/ovs
Commit: 4fe08016068514be7a8751d86f6ad30bde344949
https://github.com/openvswitch/ovs/commit/4fe08016068514be7a8751d86f6ad30bde344949
Author: Ben Pfaff <blp at ovn.org>
Date: 2018-07-09 (Mon, 09 Jul 2018)
Changed paths:
M lib/flow.c
Log Message:
-----------
flow: Fix buffer overread for crafted IPv6 packets.
The ipv6_sanity_check() function implemented a check for IPv6 payload
length wrong: ip6_plen is the payload length but this function checked
whether it was longer than the total length of IPv6 header plus payload.
This meant that a packet with a crafted ip6_plen could result in a buffer
overread of up to the length of an IPv6 header (40 bytes).
The kernel datapath flow extraction code does not obviously have a similar
problem.
Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9287
Signed-off-by: Ben Pfaff <blp at ovn.org>
Acked-by: Darrell Ball <dlu998 at gmail.com>
**NOTE:** This service been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/
Functionality will be removed from GitHub.com on January 31st, 2019.
More information about the git
mailing list