[ovs-git] [openvswitch/ovs] 569595: ofproto-dpif: Uninitialize 'xlate_cache' to free r...

Aaron Conole noreply at github.com
Wed Jan 13 16:17:51 UTC 2021 

  Branch: refs/heads/branch-2.11
  Home:   https://github.com/openvswitch/ovs
  Commit: 569595898bcfd052d67b2665f52f9531aeac7474
      https://github.com/openvswitch/ovs/commit/569595898bcfd052d67b2665f52f9531aeac7474
  Author: Yifeng Sun <pkusunyifeng at gmail.com>
  Date:   2021-01-13 (Wed, 13 Jan 2021)

  Changed paths:
    M ofproto/ofproto-dpif.c

  Log Message:
  -----------
  ofproto-dpif: Uninitialize 'xlate_cache' to free resources

Valgrind reported:

1210: ofproto-dpif - continuation after clone

==32205== 4,392 (1,440 direct, 2,952 indirect) bytes in 12 blocks are definitely lost in loss record 359 of 362
==32205==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==32205==    by 0x532574: xmalloc (util.c:138)
==32205==    by 0x4F98CA: ofpbuf_init (ofpbuf.c:123)
==32205==    by 0x42C07B: nxt_resume (ofproto-dpif.c:5110)
==32205==    by 0x41796F: handle_nxt_resume (ofproto.c:3677)
==32205==    by 0x424583: handle_single_part_openflow (ofproto.c:8473)
==32205==    by 0x424583: handle_openflow (ofproto.c:8606)
==32205==    by 0x4579E2: ofconn_run (connmgr.c:1318)
==32205==    by 0x4579E2: connmgr_run (connmgr.c:355)
==32205==    by 0x41E0F5: ofproto_run (ofproto.c:1845)
==32205==    by 0x40BA63: bridge_run__ (bridge.c:2971)
==32205==    by 0x410CF3: bridge_run (bridge.c:3029)
==32205==    by 0x407614: main (ovs-vswitchd.c:127)

This is because 'xcache' was not destroyed properly. This patch fixes it.

Acked-by: William Tu <u9012063 at gmail.com>
Signed-off-by: Yifeng Sun <pkusunyifeng at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


  Commit: dc222c3cf16b0003484965513273e87c56a3f2b1
      https://github.com/openvswitch/ovs/commit/dc222c3cf16b0003484965513273e87c56a3f2b1
  Author: Aaron Conole <aconole at redhat.com>
  Date:   2021-01-13 (Wed, 13 Jan 2021)

  Changed paths:
    M lib/lldp/lldp.c

  Log Message:
  -----------
  lldp: do not leak memory on multiple instances of TLVs

Upstream commit:
    commit a8d3c90feca548fc0656d95b5d278713db86ff61
    Date: Tue, 17 Nov 2020 09:28:17 -0500

    lldp: avoid memory leak from bad packets

    A packet that contains multiple instances of certain TLVs will cause
    lldpd to continually allocate memory and leak the old memory.  As an
    example, multiple instances of system name TLV will cause old values
    to be dropped by the decoding routine.

    Reported-at: https://github.com/openvswitch/ovs/pull/337
    Reported-by: Jonas Rudloff <jonas.t.rudloff at gmail.com>
    Signed-off-by: Aaron Conole <aconole at redhat.com>

Vulnerability: CVE-2020-27827
Signed-off-by: Aaron Conole <aconole at redhat.com>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


Compare: https://github.com/openvswitch/ovs/compare/008414b6f08b...dc222c3cf16b

More information about the git mailing list