From: Ben Pfaff <blp@nicira.com>
Date: Fri, 30 Jan 2009 00:42:48 +0000 (-0800)
Subject: datapath: Disallow action length 0, preventing DoS due to infinite loop.
X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e9d65ae957598fc64649fc64b6bb5b128c7580f7;p=openvswitch

datapath: Disallow action length 0, preventing DoS due to infinite loop.
---

diff --git a/datapath/dp_act.c b/datapath/dp_act.c
index dcc93b93..f2964222 100644
--- a/datapath/dp_act.c
+++ b/datapath/dp_act.c
@@ -366,7 +366,7 @@ validate_actions(struct datapath *dp, const struct sw_flow_key *key,
 
 		/* Make there's enough remaining data for the specified length
 		 * and that the action length is a multiple of 64 bits. */
-		if ((actions_len < len) || (len % 8) != 0)
+		if (!len || (actions_len < len) || (len % 8) != 0)
 			return OFPBAC_BAD_LEN;
 
 		type = ntohs(ah->type);
diff --git a/udatapath/dp_act.c b/udatapath/dp_act.c
index 0baa0aba..8f7f9b63 100644
--- a/udatapath/dp_act.c
+++ b/udatapath/dp_act.c
@@ -360,7 +360,7 @@ validate_actions(struct datapath *dp, const struct sw_flow_key *key,
 
         /* Make there's enough remaining data for the specified length
          * and that the action length is a multiple of 64 bits. */
-        if ((actions_len < len) || (len % 8) != 0) {
+        if (!len || (actions_len < len) || (len % 8) != 0) {
             return OFPBAC_BAD_LEN;
         }