projects
/
openvswitch
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
a35ae81
)
flow: Fix wild pointer dereference in flow_compose().
author
Ethan Jackson
<ethan@nicira.com>
Wed, 1 Aug 2012 20:01:01 +0000
(13:01 -0700)
committer
Ethan Jackson
<ethan@nicira.com>
Wed, 1 Aug 2012 20:33:48 +0000
(13:33 -0700)
The 'ip' variable in flow_compose() points to some memory allocated
in an ofpbuf. The ofpbuf is modified without making the necessary
updates to the location of 'ip' causing a potential wild memory
access.
Found by inspection.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
lib/flow.c
patch
|
blob
|
history
diff --git
a/lib/flow.c
b/lib/flow.c
index 6129703a2025314d1c644ecd5598c2b59981d6ac..59b5fb7d48f64e1023462e5f65858eeacbbf0649 100644
(file)
--- a/
lib/flow.c
+++ b/
lib/flow.c
@@
-1065,6
+1065,7
@@
flow_compose(struct ofpbuf *b, const struct flow *flow)
}
}
+ ip = b->l3;
ip->ip_tot_len = htons((uint8_t *) b->data + b->size
- (uint8_t *) b->l3);
} else if (flow->dl_type == htons(ETH_TYPE_IPV6)) {
projects / openvswitch / commitdiff