ofproto-dpif: Avoid bad pointer dereference in execute_odp_actions().

execute_odp_actions() can be passed a zero-length set of actions, in which
case it may not dereference its 'odp_actions' parameter at all, but in fact
it did do so.  In at least one corner case, odp_actions can be NULL, so
that this caused a segfault.

Introduced in commit 98403001ec "datapath: Move Netlink PID for userspace
actions from flows to actions."

Reported-by: Pravin Shelar <pshelar@nicira.com>

diff --git a/ofproto/ofproto-dpif.c b/ofproto/ofproto-dpif.c
index 36635fc67172ec9036c2b08ae6b61ee0564d1e24..8e5a86305a05e6b0fb9bdc472512ad54977f9ef9 100644 (file)
--- a/ofproto/ofproto-dpif.c
+++ b/ofproto/ofproto-dpif.c
@@ -2207,8 +2207,10 @@ execute_odp_actions(struct ofproto_dpif *ofproto, const struct flow *flow,
     struct ofpbuf key;
     int error;
 
-    if (odp_actions->nla_type == OVS_ACTION_ATTR_USERSPACE
-        && NLA_ALIGN(odp_actions->nla_len) == actions_len) {
+    if (actions_len == 0) {
+        return true;
+    } else if (odp_actions->nla_type == OVS_ACTION_ATTR_USERSPACE
+               && NLA_ALIGN(odp_actions->nla_len) == actions_len) {
         struct user_action_cookie cookie;
         struct dpif_upcall upcall;
         uint64_t cookie_u64;