datapath: Disallow action length 0, preventing DoS due to infinite loop.

author Ben Pfaff <blp@nicira.com>

Fri, 30 Jan 2009 00:42:48 +0000 (16:42 -0800)

committer Ben Pfaff <blp@nicira.com>

Thu, 19 Feb 2009 22:10:24 +0000 (14:10 -0800)
author Ben Pfaff <blp@nicira.com>
Fri, 30 Jan 2009 00:42:48 +0000 (16:42 -0800)
committer Ben Pfaff <blp@nicira.com>
Thu, 19 Feb 2009 22:10:24 +0000 (14:10 -0800)
diff --git a/datapath/dp_act.c b/datapath/dp_act.c

index dcc93b93a5d73a76d33cd49c6a4e5617a2bbb474..f2964222013ed30c5d4b77b224bf35f8116b5f2c 100644 (file)
--- a/datapath/dp_act.c
+++ b/datapath/dp_act.c
@@ -366,7 +366,7 @@ validate_actions(struct datapath *dp, const struct sw_flow_key *key,
  
                 /* Make there's enough remaining data for the specified length
                  * and that the action length is a multiple of 64 bits. */
-               if ((actions_len < len) || (len % 8) != 0)
+               if (!len || (actions_len < len) || (len % 8) != 0)
                         return OFPBAC_BAD_LEN;
  
                 type = ntohs(ah->type);
diff --git a/udatapath/dp_act.c b/udatapath/dp_act.c

index 0baa0aba7ab813503a8e209e8f3720f45251610b..8f7f9b63f37e7a5f97e965a28f575afc245bbd08 100644 (file)
--- a/udatapath/dp_act.c
+++ b/udatapath/dp_act.c
@@ -360,7 +360,7 @@ validate_actions(struct datapath *dp, const struct sw_flow_key *key,
  
          /* Make there's enough remaining data for the specified length
           * and that the action length is a multiple of 64 bits. */
-        if ((actions_len < len) || (len % 8) != 0) {
+        if (!len || (actions_len < len) || (len % 8) != 0) {
              return OFPBAC_BAD_LEN;
          }
author	Ben Pfaff <blp@nicira.com>
	Fri, 30 Jan 2009 00:42:48 +0000 (16:42 -0800)
committer	Ben Pfaff <blp@nicira.com>
	Thu, 19 Feb 2009 22:10:24 +0000 (14:10 -0800)
datapath/dp_act.c		patch \| blob \| history
udatapath/dp_act.c		patch \| blob \| history