From 932ecd69e5b1b21d1df44404a60db5f73c3664b8 Mon Sep 17 00:00:00 2001
From: Ben Pfaff
Date: Sat, 23 Jun 2012 22:34:39 -0700
Subject: [PATCH] ofp-util: Avoid use-after-free in ofputil_encode_flow_mod().
nx_put_match() can reallocate the ofpbuf's data so we need to reload the pointer. Found by inspection.
Signed-off-by: Ben Pfaff
---
 lib/ofp-util.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/lib/ofp-util.c b/lib/ofp-util.c
index 6d820b2f..cc3c9fdf 100644
--- a/lib/ofp-util.c
+++ b/lib/ofp-util.c
@@ -1776,6 +1776,7 @@ ofputil_encode_flow_mod(const struct ofputil_flow_mod *fm,
 nfm->cookie = fm->new_cookie;
 match_len = nx_put_match(msg, false, &fm->cr,
 fm->cookie, fm->cookie_mask);
+ nfm = msg->data;
 nfm->idle_timeout = htons(fm->idle_timeout);
 nfm->hard_timeout = htons(fm->hard_timeout);
 nfm->priority = htons(fm->cr.priority);
--
2.30.2
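Review bot: The reload `nfm = msg->data;` after `nx_put_match()` carries no comment, so a later cleanup could mistake it for a redundant assignment and remove it, bringing back the write through a stale pointer. I would put the reason on the line itself: `nfm = msg->data; /* nx_put_match() may have reallocated msg's buffer. */`. The reload presumably mirrors how nfm was first obtained, but that assignment is above the hunk and the function body continues past it, so confirm that `msg->data` still points at the start of the flow-mod header here. Since the commit message says the bug was found by inspection, a unit test that encodes a flow mod with a match large enough to grow the buffer, run under AddressSanitizer or valgrind, would keep it from regressing.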