From: Jesse Gross Date: Wed, 2 Mar 2011 01:56:01 +0000 (-0800) Subject: flow: Avoid assertion failure on invalid IPv6 packet. X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=46aef12ee5fcb028d20bac654c8a08cf993cfac8;p=openvswitch flow: Avoid assertion failure on invalid IPv6 packet. We compute the length of the IPv6 header by parsing all of the extension headers that we know about. However, the final result is checked using ofpbuf_pull(), which checks the size with an assertion. Since the length of the final header is not checked in any other way an invalid packet can trigger this assertion. --- diff --git a/lib/flow.c b/lib/flow.c index 879e462f..6928f74e 100644 --- a/lib/flow.c +++ b/lib/flow.c @@ -414,7 +414,7 @@ flow_extract(struct ofpbuf *packet, ovs_be64 tun_id, uint16_t in_port, return 0; } - nh = ofpbuf_pull(&b, nh_len); + nh = ofpbuf_try_pull(&b, nh_len); if (nh) { packet->l4 = b.data; if (flow->nw_proto == IPPROTO_TCP) {