From: Ben Pfaff <blp@nicira.com>
Date: Fri, 9 Jan 2009 01:13:30 +0000 (-0800)
Subject: dpctl: Fix use-after-free in "probe" command.
X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5071475da66075b31396d9c45bfa0d807d27eb13;p=openvswitch

dpctl: Fix use-after-free in "probe" command.

Found by Chris Eagle via Fortify.
---

diff --git a/utilities/dpctl.c b/utilities/dpctl.c
index 0113d967..80f8a461 100644
--- a/utilities/dpctl.c
+++ b/utilities/dpctl.c
@@ -1159,7 +1159,7 @@ do_probe(const struct settings *s UNUSED, int argc UNUSED, char *argv[])
     make_openflow(sizeof(struct ofp_header), OFPT_ECHO_REQUEST, &request);
     open_vconn(argv[1], &vconn);
     run(vconn_transact(vconn, request, &reply), "talking to %s", argv[1]);
-    if (reply->size != request->size) {
+    if (reply->size != sizeof(struct ofp_header)) {
         ofp_fatal(0, "reply does not match request");
     }
     ofpbuf_delete(reply);