Skip to content

Commit

Permalink
openvswitch: Avoid memory corruption in queue_userspace_packet()
Browse files Browse the repository at this point in the history 
In queue_userspace_packet(), the ovs_nla_put_flow return value is
not checked. This is fine as long as key_attr_size() returns the
correct value. In case it does not, the current code may corrupt buffer
memory. Add a run time assertion catch this case to avoid silent
failure.

Reported-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Andy Zhou <azhou@nicira.com>
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
  • Loading branch information
Andy Zhou authored and Pravin B Shelar committed Jul 24, 2014
1 parent f6eec61 commit f53e383
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion net/openvswitch/datapath.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -464,7 +464,8 @@ static int queue_userspace_packet(struct datapath *dp, struct sk_buff *skb,
upcall->dp_ifindex = dp_ifindex;

nla = nla_nest_start(user_skb, OVS_PACKET_ATTR_KEY);
ovs_nla_put_flow(upcall_info->key, upcall_info->key, user_skb);
err = ovs_nla_put_flow(upcall_info->key, upcall_info->key, user_skb);
BUG_ON(err);
nla_nest_end(user_skb, nla);

if (upcall_info->userdata)
Expand Down

0 comments on commit f53e383

Please sign in to comment.