The 'ip' variable in flow_compose() points to some memory allocated in an ofpbuf. The ofpbuf is modified without making the necessary updates to the location of 'ip', causing a potential wild memory access.
Found by inspection. Signed-off-by: Ethan Jackson <et...@nicira.com> --- lib/flow.c | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/flow.c b/lib/flow.c index 6129703..59b5fb7 100644 --- a/lib/flow.c +++ b/lib/flow.c @@ -1065,6 +1065,7 @@ flow_compose(struct ofpbuf *b, const struct flow *flow) } } + ip = b->l3; ip->ip_tot_len = htons((uint8_t *) b->data + b->size - (uint8_t *) b->l3); } else if (flow->dl_type == htons(ETH_TYPE_IPV6)) { -- 1.7.11.2 _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
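Review bot: the added `ip = b->l3;` reads as a redundant assignment to anyone who does not know that the puts between the original assignment of `ip` and this line can reallocate the ofpbuf, so it needs a short comment to keep it from being removed in a later cleanup, e.g. `/* The buffer may have been reallocated above; refresh 'ip' from b->l3. */`. The fix depends on ofpbuf keeping `b->l3` current across reallocation, which makes `b->l3` the right thing to reload from, but two things are worth confirming in the surrounding code rather than just this hunk: that nothing between the earlier assignment of `ip` and this line still dereferences the stale `ip`, and that the `ETH_TYPE_IPV6` branch visible in the trailing context does not hold a similar pointer across a put. An alternative that removes the cached pointer for this statement entirely is to write through `b->l3` directly, e.g. `((struct ip_header *) b->l3)->ip_tot_len = ...`, so there is no pointer to go stale.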
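The failure mode described in the commit message, as an added example that is not code from Open vSwitch or from the patch author: `gbuf` is a hypothetical stand-in for `struct ofpbuf`, with its own `gbuf_put`/`gbuf_grow` helpers and a 20-byte `ip_header` that are assumptions of this example, not the project's types. Growth always moves the data to a fresh allocation so the stale pointer shows up deterministically instead of depending on whether `realloc()` happens to move. `stale_pointer_survives()` keeps the buggy shape (take `ip`, append, use `ip`) and reports whether `ip` still matches `b.l3`; `compose_total_len()` applies the fix from the hunk, reloading `ip` from `b.l3` after the last append before writing `ip_tot_len`.

```c
#include <arpa/inet.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for struct ofpbuf; only the shape of the bug matters. */
struct gbuf {
    uint8_t *data;     /* start of the packet */
    size_t size;       /* bytes in use */
    size_t allocated;  /* capacity of 'data' */
    uint8_t *l3;       /* L3 header inside 'data', rebased on every reallocation */
};

/* Minimal IPv4-shaped header (sizeof == 20); only ip_tot_len is used here. */
struct ip_header {
    uint8_t ihl_ver, tos;
    uint16_t ip_tot_len;
    uint8_t rest[16];
};

static void gbuf_init(struct gbuf *b, size_t cap)
{
    b->data = malloc(cap);
    if (!b->data) abort();
    b->size = 0;
    b->allocated = cap;
    b->l3 = NULL;
}

/* Grow into a fresh allocation so the base address always changes; this makes
 * the stale-pointer bug deterministic rather than realloc()-dependent. */
static void gbuf_grow(struct gbuf *b, size_t need)
{
    size_t cap = b->allocated * 2 + need;
    uint8_t *fresh = malloc(cap);
    if (!fresh) abort();
    memcpy(fresh, b->data, b->size);
    if (b->l3) {
        b->l3 = fresh + (b->l3 - b->data);  /* rebase the tracked header pointer */
    }
    free(b->data);
    b->data = fresh;
    b->allocated = cap;
}

/* Append n bytes, growing if needed; returns where they landed. */
static uint8_t *gbuf_put(struct gbuf *b, const void *src, size_t n)
{
    if (b->size + n > b->allocated) {
        gbuf_grow(b, n);
    }
    uint8_t *dst = b->data + b->size;
    memcpy(dst, src, n);
    b->size += n;
    return dst;
}

/* Buggy shape: 'ip' is taken before the payload is appended and never
 * refreshed. Returns whether 'ip' still points at the live header. Once the
 * buffer has grown it does not, and writing ip->ip_tot_len through it would
 * touch freed memory, so this function deliberately does not dereference it. */
static bool stale_pointer_survives(size_t payload_len)
{
    struct gbuf b;
    struct ip_header hdr = {0};
    uint8_t *payload = calloc(payload_len, 1);  /* constructed, all-zero payload */
    if (!payload) abort();
    gbuf_init(&b, 32);

    struct ip_header *ip = (struct ip_header *) gbuf_put(&b, &hdr, sizeof hdr);
    b.l3 = (uint8_t *) ip;
    gbuf_put(&b, payload, payload_len);          /* may reallocate 'b' */

    bool ok = (uint8_t *) ip == b.l3;
    free(payload);
    free(b.data);
    return ok;
}

/* Fixed shape, mirroring the patch: reload 'ip' from b.l3 after the last
 * operation that can reallocate, then fill in the total length. Returns the
 * length as read back from the live buffer. */
static uint16_t compose_total_len(size_t payload_len)
{
    struct gbuf b;
    struct ip_header hdr = {0};
    uint8_t *payload = calloc(payload_len, 1);  /* constructed, all-zero payload */
    if (!payload) abort();
    gbuf_init(&b, 32);

    struct ip_header *ip = (struct ip_header *) gbuf_put(&b, &hdr, sizeof hdr);
    b.l3 = (uint8_t *) ip;
    gbuf_put(&b, payload, payload_len);          /* may reallocate 'b' */

    ip = (struct ip_header *) b.l3;              /* the fix: refresh after growth */
    ip->ip_tot_len = htons((uint16_t) (b.data + b.size - b.l3));

    uint16_t tot = ntohs(((struct ip_header *) b.l3)->ip_tot_len);
    free(payload);
    free(b.data);
    return tot;
}
```

With an 8-byte payload the 20-byte header plus payload fits in the initial 32-byte capacity, no growth happens, and the stale pointer happens to stay valid; a 64-byte payload forces growth and the pointer no longer matches `b.l3`. That is why this class of bug passes small hand tests and only surfaces on larger packets, and why the reload from `b.l3` has to happen unconditionally after the last append rather than being guarded by a size check.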