In queue_userspace_packet(), the ovs_nla_put_flow return value is not checked. This is fine as long as key_attr_size() returns the correct value. In case it does not, the current code may corrupt buffer memory. Add a run time assertion to catch this case to avoid silent failure.
Reported-by: Ben Pfaff <[email protected]> Signed-off-by: Andy Zhou <[email protected]> --- datapath/datapath.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/datapath/datapath.c b/datapath/datapath.c index 1d2f414..a4d6473 100644 --- a/datapath/datapath.c +++ b/datapath/datapath.c @@ -487,7 +487,8 @@ static int queue_userspace_packet(struct datapath *dp, struct sk_buff *skb, upcall->dp_ifindex = dp_ifindex; nla = nla_nest_start(user_skb, OVS_PACKET_ATTR_KEY); - ovs_nla_put_flow(upcall_info->key, upcall_info->key, user_skb); + err = ovs_nla_put_flow(upcall_info->key, upcall_info->key, user_skb); + BUG_ON(err); nla_nest_end(user_skb, nla); if (upcall_info->userdata) -- 1.9.1 _______________________________________________ dev mailing list [email protected] http://openvswitch.org/mailman/listinfo/dev
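Review bot: BUG_ON(err) directly after the ovs_nla_put_flow() call turns a size miscalculation in key_attr_size() into a kernel panic on the upcall path, although queue_userspace_packet() returns int and the error is already held in err. Consider WARN_ON_ONCE(err) followed by freeing user_skb and returning err, so that a wrong size estimate costs one upcall rather than the whole host. Note also that the assertion runs after the put, so it only helps if ovs_nla_put_flow() itself refuses to write past the buffer; a one-line comment stating that a non-zero return here means key_attr_size() under-estimated would make that assumption explicit. The nla pointer returned by nla_nest_start() in the context line above is likewise passed to nla_nest_end() with no check visible in this hunk.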
