secchan: Fix random memory corruption due to uninitialized pointer.

The kernel returns flow stats and actions to userspace on flow deletion.
By not initializing the odp_flow's "actions" or "n_actions" members we
caused it to use whatever happened to be in that space on the stack, which
caused random memory corruption.

(There is no need to initialize the "stats" member, since it is not read,
only written, by the kernel, but by doing so we quiet valgrind.)

diff --git a/secchan/ofproto.c b/secchan/ofproto.c
index 9eb1a26983d662ec574ba7b52d7cc1eacb2baeb3..5626f2e14ec98e7ba00402074a779858ac28baf6 100644 (file)
--- a/secchan/ofproto.c
+++ b/secchan/ofproto.c
@@ -2302,7 +2302,10 @@ revalidate_subrule(struct ofproto *p, struct rule *sub)
     if (super != sub->super) {
         if (!super) {
             struct odp_flow odp_flow;
+            memset(&odp_flow.stats, 0, sizeof odp_flow.stats);
             odp_flow.key = sub->cr.flow;
+            odp_flow.actions = NULL;
+            odp_flow.n_actions = 0;
             dpif_flow_del(&p->dpif, &odp_flow);
             classifier_remove(&p->cls, &sub->cr);
             rule_destroy(sub);