vswitch: Avoid segfault when revalidating ARP flows.

The 'packet' argument to process_flow() is allowed to be null, but some of
the code was assuming that it was always non-null, which caused a segfault
while revalidating ARP flows.

Bug #1394.

diff --git a/vswitchd/bridge.c b/vswitchd/bridge.c
index 10c6fee25e85ae9c28985791d7029b4b8a9b3a63..fc2939b97b4741e1c8fe2f6a8e4526600d1841c9 100644 (file)
--- a/vswitchd/bridge.c
+++ b/vswitchd/bridge.c
@@ -1758,10 +1758,17 @@ process_flow(struct bridge *br, const flow_t *flow,
              * an exception to this rule: the host has moved to another
              * switch. */
             int src_idx = mac_learning_lookup(br->ml, flow->dl_src, vlan);
-            if (src_idx != -1
-                && src_idx != in_port->port_idx
-                && !is_bcast_arp_reply(flow, packet)) {
-                goto done;
+            if (src_idx != -1 && src_idx != in_port->port_idx) {
+                if (packet) {
+                    if (!is_bcast_arp_reply(flow, packet)) {
+                        goto done;
+                    }
+                } else {
+                    /* No way to know whether it's an ARP reply, because the
+                     * flow entry doesn't include enough information and we
+                     * don't have a packet.  Punt. */
+                    return false;
+                }
             }
         }
     }