From: Jesse Gross <jesse@nicira.com>
Date: Mon, 28 Feb 2011 22:32:33 +0000 (-0800)
Subject: datapath: Check packet len does not exceed attribute len.
X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=513130154d7af9f5b58602aeb00765629479d02e;p=openvswitch

datapath: Check packet len does not exceed attribute len.

Netlink attributes have a maximum length of 64k.  It's theoretically
possible that a packet could exceed this length, so check for it before
we try to send the packet to userspace.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
---

diff --git a/datapath/datapath.c b/datapath/datapath.c
index 69b524c5..ebfc2e99 100644
--- a/datapath/datapath.c
+++ b/datapath/datapath.c
@@ -492,6 +492,9 @@ static int queue_control_packets(struct datapath *dp, struct sk_buff *skb,
 		if (unlikely(err))
 			goto err_kfree_skbs;
 
+		if (nla_attr_size(skb->len) > USHRT_MAX)
+			goto err_kfree_skbs;
+
 		len = sizeof(struct odp_header);
 		len += nla_total_size(skb->len);
 		len += nla_total_size(FLOW_BUFSIZE);