On Mon, Aug 10, 2015 at 03:46:45PM +0530, neeraj mehta wrote:
> Hi,
> 
> There is a possible defect in "utilities/ovs-ofctl.c" line 2013 OVS-2.3.2.
> 
> In ovs-ofctl.c, NULL (in certain conditions) is being passed as an argument to
> memcmp().
> ISO C says that the arguments to memcmp() must not be NULL.
> 
> ---
> 
> "lib/ofpbuf.h" 425L, 14598C OVS-2.3.2
> 
> static inline void * ofpbuf_l3(const struct ofpbuf *b)
> {
>     return b->l3_ofs != UINT16_MAX ? (char *)b->frame + b->l3_ofs : NULL;
> }
> ---
> 
> ---
> "utilities/ovs-ofctl.c" line 2013 OVS-2.3.2
> if (ofptype_pull(&type, reply)
>             || type != OFPTYPE_ECHO_REPLY
>             || ofpbuf_size(reply) != payload
>             || memcmp(ofpbuf_l3(request), ofpbuf_l3(reply), payload)) {
> ---
> 
> One of the possible solutions for this can be:
> 
> ---
> "utilities/ovs-ofctl.c" line 2013 OVS-2.3.2
> if (ofptype_pull(&type, reply)
>              || type != OFPTYPE_ECHO_REPLY
>              || ofpbuf_size(reply) != payload
> +           || !ofpbuf_l3(request) || !ofpbuf_l3(reply)
>              || memcmp(ofpbuf_l3(request), ofpbuf_l3(reply), payload)) {
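
Review bot: the added `!ofpbuf_l3(request) || !ofpbuf_l3(reply)` test on the `+` line calls ofpbuf_l3() on each buffer a second time, immediately before memcmp() calls it again; reading both pointers into locals ahead of the `if` and using those locals in both the NULL test and memcmp() would guarantee that the check and the comparison see the same values. ofpbuf_l3() returns NULL only when l3_ofs is UINT16_MAX, so a short comment saying when that is expected for request or reply would show whether this belongs as a runtime check that fails the echo comparison or as an assertion of an invariant.
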
> ---
> 
> Can someone confirm the above understanding?

Thanks for the report.

Neither of the pointer arguments can be NULL in this case.