[ovs-dev] [PATCH] ofproto-dpif: Avoid bad pointer dereference in execute_odp_actions().

Ben Pfaff blp at nicira.com
Thu Oct 13 12:57:17 PDT 2011


Thanks, I pushed this fix.

On Thu, Oct 13, 2011 at 11:15:57AM -0700, Ethan Jackson wrote:
> Looks good.
> 
> Ethan
> 
> On Thu, Oct 13, 2011 at 10:17, Ben Pfaff <blp at nicira.com> wrote:
> > execute_odp_actions() can be passed a zero-length set of actions, in which
> > case it may not dereference its 'odp_actions' parameter at all, but in fact
> > it did do so. ?In at least one corner case, odp_actions can be NULL, so
> > that this caused a segfault.
> >
> > Introduced in commit 98403001ec "datapath: Move Netlink PID for userspace
> > actions from flows to actions."
> >
> > Reported-by: Pravin Shelar <pshelar at nicira.com>
> > ---
> > ?ofproto/ofproto-dpif.c | ? ?6 ++++--
> > ?1 files changed, 4 insertions(+), 2 deletions(-)
> >
> > diff --git a/ofproto/ofproto-dpif.c b/ofproto/ofproto-dpif.c
> > index 36635fc..8e5a863 100644
> > --- a/ofproto/ofproto-dpif.c
> > +++ b/ofproto/ofproto-dpif.c
> > @@ -2207,8 +2207,10 @@ execute_odp_actions(struct ofproto_dpif *ofproto, const struct flow *flow,
> > ? ? struct ofpbuf key;
> > ? ? int error;
> >
> > - ? ?if (odp_actions->nla_type == OVS_ACTION_ATTR_USERSPACE
> > - ? ? ? ?&& NLA_ALIGN(odp_actions->nla_len) == actions_len) {
> > + ? ?if (actions_len == 0) {
> > + ? ? ? ?return true;
> > + ? ?} else if (odp_actions->nla_type == OVS_ACTION_ATTR_USERSPACE
> > + ? ? ? ? ? ? ? && NLA_ALIGN(odp_actions->nla_len) == actions_len) {
> > ? ? ? ? struct user_action_cookie cookie;
> > ? ? ? ? struct dpif_upcall upcall;
> > ? ? ? ? uint64_t cookie_u64;
> > --
> > 1.7.4.4
> >
> > _______________________________________________
> > dev mailing list
> > dev at openvswitch.org
> > http://openvswitch.org/mailman/listinfo/dev
> >



More information about the dev mailing list