[ovs-git] [openvswitch/ovs] 54a40f: ipf: Avoid accessing to a freed rp.
Aaron Conole
noreply at github.com
Wed Jan 13 16:17:45 UTC 2021
Branch: refs/heads/branch-2.12
Home: https://github.com/openvswitch/ovs
Commit: 54a40f23dcdb741fe58ea5eeb63ca15c2e79fbdb
https://github.com/openvswitch/ovs/commit/54a40f23dcdb741fe58ea5eeb63ca15c2e79fbdb
Author: Peng He <hepeng.0320 at bytedance.com>
Date: 2021-01-13 (Wed, 13 Jan 2021)
Changed paths:
M lib/ipf.c
Log Message:
-----------
ipf: Avoid accessing to a freed rp.
if there are multiple pkts in the batch, the loop will access a
freed rp, which cause ovs crash.
Fixes: 4ea96698f667 ("Userspace datapath: Add fragmentation handling.")
Signed-off-by: Peng He <hepeng.0320 at bytedance.com>
Acked-by: Mark Gray <mark.d.gray at redhat.com>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>
Commit: e9eee99590e412a773fe680b41b40cd30b22df73
https://github.com/openvswitch/ovs/commit/e9eee99590e412a773fe680b41b40cd30b22df73
Author: Aaron Conole <aconole at redhat.com>
Date: 2021-01-13 (Wed, 13 Jan 2021)
Changed paths:
M lib/lldp/lldp.c
Log Message:
-----------
lldp: do not leak memory on multiple instances of TLVs
Upstream commit:
commit a8d3c90feca548fc0656d95b5d278713db86ff61
Date: Tue, 17 Nov 2020 09:28:17 -0500
lldp: avoid memory leak from bad packets
A packet that contains multiple instances of certain TLVs will cause
lldpd to continually allocate memory and leak the old memory. As an
example, multiple instances of system name TLV will cause old values
to be dropped by the decoding routine.
Reported-at: https://github.com/openvswitch/ovs/pull/337
Reported-by: Jonas Rudloff <jonas.t.rudloff at gmail.com>
Signed-off-by: Aaron Conole <aconole at redhat.com>
Vulnerability: CVE-2020-27827
Signed-off-by: Aaron Conole <aconole at redhat.com>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>
Compare: https://github.com/openvswitch/ovs/compare/ed45e64dbe06...e9eee99590e4
More information about the git
mailing list