From cc51da27abcbef478e976676b15368cfca318018 Mon Sep 17 00:00:00 2001 From: Ben Pfaff Date: Wed, 27 May 2009 11:46:20 -0700 Subject: [PATCH] datapath: Avoid bad array reference for missing group in ODPAT_OUTPUT_GROUP. When ODPAT_OUTPUT_GROUP referenced a group that hadn't been created, output_group() would return a negative number other than -1. execute_actions() would pass this later to do_output(), which would then use it as a bogus array index, accessing invalid memory. This commit fixes it by making it return -1 instead, which the caller interprets correctly. Thanks to Justin for leading me to scrutinize this code. --- datapath/actions.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/datapath/actions.c b/datapath/actions.c index d9b92f1d..6eb5813e 100644 --- a/datapath/actions.c +++ b/datapath/actions.c @@ -323,7 +323,7 @@ static int output_group(struct datapath *dp, __u16 group, int i; if (!g) - return -EINVAL; + return -1; for (i = 0; i < g->n_ports; i++) { struct net_bridge_port *p = dp->ports[g->ports[i]]; if (!p || skb->dev == p->dev) -- 2.30.2
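Review bot: The new `return -1;` in the `if (!g)` branch of output_group() relies on an undocumented sentinel contract with the caller, and nothing in this hunk stops a different negative value from reaching do_output() again. The commit message says execute_actions() interprets only -1 as "no port", so any future error path in output_group() that returns a -errno would reintroduce the same bogus array index. I would add a short comment at this return stating that -1 means "no output port" and that errno values must not be returned from this function. I would also have the caller or do_output() reject any negative port number (a `< 0` test rather than a comparison against -1) before it is used as an index. That way the memory-safety property no longer depends on every return statement here being correct.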