From: Ben Pfaff Date: Thu, 13 Oct 2011 17:16:59 +0000 (-0700) Subject: ofproto-dpif: Avoid bad pointer dereference in execute_odp_actions(). X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b6bff4e9abaf2d9a53136854a733b7c4c5d4384e;p=openvswitch ofproto-dpif: Avoid bad pointer dereference in execute_odp_actions(). execute_odp_actions() can be passed a zero-length set of actions, in which case it may not dereference its 'odp_actions' parameter at all, but in fact it did do so. In at least one corner case, odp_actions can be NULL, so that this caused a segfault. Introduced in commit 98403001ec "datapath: Move Netlink PID for userspace actions from flows to actions." Reported-by: Pravin Shelar --- diff --git a/ofproto/ofproto-dpif.c b/ofproto/ofproto-dpif.c index 36635fc6..8e5a8630 100644 --- a/ofproto/ofproto-dpif.c +++ b/ofproto/ofproto-dpif.c @@ -2207,8 +2207,10 @@ execute_odp_actions(struct ofproto_dpif *ofproto, const struct flow *flow, struct ofpbuf key; int error; - if (odp_actions->nla_type == OVS_ACTION_ATTR_USERSPACE - && NLA_ALIGN(odp_actions->nla_len) == actions_len) { + if (actions_len == 0) { + return true; + } else if (odp_actions->nla_type == OVS_ACTION_ATTR_USERSPACE + && NLA_ALIGN(odp_actions->nla_len) == actions_len) { struct user_action_cookie cookie; struct dpif_upcall upcall; uint64_t cookie_u64;
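Review bot: The new `actions_len == 0` early return at the top of execute_odp_actions() covers only the empty case; the `else if` branch still reads `odp_actions->nla_type` and `odp_actions->nla_len` for any nonzero `actions_len`, including a length shorter than a Netlink attribute header. Consider also requiring `actions_len >= NLA_HDRLEN` in that condition, or asserting `odp_actions != NULL` before the dereference. A one-line comment above the early return saying that `odp_actions` may be NULL when `actions_len` is 0 would put the contract in the code rather than only in the commit message. As a minor style point, the `else` after `return true;` is not needed; a plain `if` for the OVS_ACTION_ATTR_USERSPACE test would read the same.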