From: Ben Pfaff Date: Fri, 21 Sep 2012 18:12:39 +0000 (-0700) Subject: ovsdb-server: Fix null pointer deref when bool "is_connected" is empty. X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c824c8a39854199a4221256281b1322cfae33469;p=openvswitch ovsdb-server: Fix null pointer deref when bool "is_connected" is empty. The ovsdb-server supports obtaining its remote connection targets from a database table and updating that table with connection status information. One of the supported connection status columns is a boolean column named "is_connected". The code in ovsdb-server blindly assigned a bool into this column without checking that it actually had space allocated for one. This was and is fine with the ovs-vswitchd schema, which always has exactly one value in this column. However, if a database schema makes this column optional, and there are actually no values in it, then this assignment dereferences a null pointer. This commit fixes the problem by allocating space for a bool if none has yet been allocated. Noticed while adding an extra test for the connection status feature. Signed-off-by: Ben Pfaff Acked-by: Ethan Jackson --- diff --git a/ovsdb/ovsdb-server.c b/ovsdb/ovsdb-server.c index 1bf10d9b..32e2eb02 100644 --- a/ovsdb/ovsdb-server.c +++ b/ovsdb/ovsdb-server.c @@ -404,12 +404,24 @@ read_string_column(const struct ovsdb_row *row, const char *column_name, static void write_bool_column(struct ovsdb_row *row, const char *column_name, bool value) { - struct ovsdb_datum *datum = get_datum(row, column_name, OVSDB_TYPE_BOOLEAN, - OVSDB_TYPE_VOID, 1); + const struct ovsdb_column *column; + struct ovsdb_datum *datum; + column = ovsdb_table_schema_get_column(row->table->schema, column_name); + datum = get_datum(row, column_name, OVSDB_TYPE_BOOLEAN, + OVSDB_TYPE_VOID, 1); if (!datum) { return; } + + if (datum->n != 1) { + ovsdb_datum_destroy(datum, &column->type); + + datum->n = 1; + datum->keys = xmalloc(sizeof *datum->keys); + datum->values = NULL; + } + datum->keys[0].boolean = value; }