From: Ethan Jackson Date: Wed, 1 Aug 2012 20:01:01 +0000 (-0700) Subject: flow: Fix wild pointer dereference in flow_compose(). X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9dbe4e889d2558b378dcae9ead57dc32ebc4a174;p=openvswitch flow: Fix wild pointer dereference in flow_compose(). The 'ip' variable in flow_compose() points to some memory allocated in an ofpbuf. The ofpbuf is modified without making the necessary updates to the location of 'ip' causing a potential wild memory access. Found by inspection. Signed-off-by: Ethan Jackson --- diff --git a/lib/flow.c b/lib/flow.c index 6129703a..59b5fb7d 100644 --- a/lib/flow.c +++ b/lib/flow.c @@ -1065,6 +1065,7 @@ flow_compose(struct ofpbuf *b, const struct flow *flow) } } + ip = b->l3; ip->ip_tot_len = htons((uint8_t *) b->data + b->size - (uint8_t *) b->l3); } else if (flow->dl_type == htons(ETH_TYPE_IPV6)) {
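Review bot: the added `ip = b->l3;` just before the `ip->ip_tot_len` store has no comment saying why the pointer is reloaded, so it reads like a redundant assignment that a later cleanup could drop. A one-line comment noting that the ofpbuf may have been modified above, and that 'ip' therefore has to be refetched from b->l3, would record the reason. The fix also relies on b->l3 itself still being valid here, after the same ofpbuf modification that invalidated 'ip'; the hunk does not show where l3 is maintained, so please confirm that, and check whether any other pointer into 'b' taken earlier in flow_compose() is used after the buffer is modified. Since the commit message says this was found by inspection, a test that composes an IPv4 flow under a memory checker would help keep it from regressing.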