[ovs-git] [openvswitch/ovs] cf36f8: lldp: do not leak memory on multiple instances of ...

Aaron Conole noreply at github.com
Wed Jan 13 16:18:13 UTC 2021


  Branch: refs/heads/branch-2.7
  Home:   https://github.com/openvswitch/ovs
  Commit: cf36f86669041ff1caca7c85f922e184892425b6
      https://github.com/openvswitch/ovs/commit/cf36f86669041ff1caca7c85f922e184892425b6
  Author: Aaron Conole <aconole at redhat.com>
  Date:   2021-01-13 (Wed, 13 Jan 2021)

  Changed paths:
    M lib/lldp/lldp.c

  Log Message:
  -----------
  lldp: do not leak memory on multiple instances of TLVs

Upstream commit:
    commit a8d3c90feca548fc0656d95b5d278713db86ff61
    Date: Tue, 17 Nov 2020 09:28:17 -0500

    lldp: avoid memory leak from bad packets

    A packet that contains multiple instances of certain TLVs will cause
    lldpd to continually allocate memory and leak the old memory.  As an
    example, multiple instances of system name TLV will cause old values
    to be dropped by the decoding routine.

    Reported-at: https://github.com/openvswitch/ovs/pull/337
    Reported-by: Jonas Rudloff <jonas.t.rudloff at gmail.com>
    Signed-off-by: Aaron Conole <aconole at redhat.com>

Vulnerability: CVE-2020-27827
Signed-off-by: Aaron Conole <aconole at redhat.com>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>




More information about the git mailing list