From e9d65ae957598fc64649fc64b6bb5b128c7580f7 Mon Sep 17 00:00:00 2001
From: Ben Pfaff <blp@nicira.com>
Date: Thu, 29 Jan 2009 16:42:48 -0800
Subject: [PATCH] datapath: Disallow action length 0, preventing DoS due to
 infinite loop.

---
 datapath/dp_act.c  | 2 +-
 udatapath/dp_act.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/datapath/dp_act.c b/datapath/dp_act.c
index dcc93b93..f2964222 100644
--- a/datapath/dp_act.c
+++ b/datapath/dp_act.c
@@ -366,7 +366,7 @@ validate_actions(struct datapath *dp, const struct sw_flow_key *key,
 
 		/* Make there's enough remaining data for the specified length
 		 * and that the action length is a multiple of 64 bits. */
-		if ((actions_len < len) || (len % 8) != 0)
+		if (!len || (actions_len < len) || (len % 8) != 0)
 			return OFPBAC_BAD_LEN;
 
 		type = ntohs(ah->type);
diff --git a/udatapath/dp_act.c b/udatapath/dp_act.c
index 0baa0aba..8f7f9b63 100644
--- a/udatapath/dp_act.c
+++ b/udatapath/dp_act.c
@@ -360,7 +360,7 @@ validate_actions(struct datapath *dp, const struct sw_flow_key *key,
 
         /* Make there's enough remaining data for the specified length
          * and that the action length is a multiple of 64 bits. */
-        if ((actions_len < len) || (len % 8) != 0) {
+        if (!len || (actions_len < len) || (len % 8) != 0) {
             return OFPBAC_BAD_LEN;
         }
 
-- 
2.30.2