On Tue, Jun 13, 2017 at 02:31:22PM -0400, Lance Richardson wrote:
> vconn_add_bundle_error() stores a maximum of 64 bytes of an
> OpenFlow packet, however ofperr_decode_msg() assumes that the
> entire packet is present. This leads to a buffer read overrun
> when the packet is copied to another buffer using the full
> packet size.
>
> Fix by adding a parameter to ofperr_decode_msg() indicating the
> size of the buffer containing the OpenFlow packet.
>
> Found via gcc's address sanitizer.
>
> Fixes: 506c1ddb3404 ("vconn: Better bundle error management.")
> Signed-off-by: Lance Richardson <lrich...@redhat.com>

I'm not sure why we keep just the first 64 bytes. It seems actually
easier to just keep the whole thing:
        https://patchwork.ozlabs.org/patch/775500/
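
The overrun described in the quoted commit message, as an added example that is not part of this thread or of the Open vSwitch source: a saved message holds at most 64 bytes, but its header may claim a larger length, so the copy must be bounded by the size of the buffer actually held. The names copy_saved_msg(), claimed_len(), demo_truncated() and SAVED_MAX are hypothetical, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define SAVED_MAX 64   /* bytes kept per saved message, per the commit message */

/* OpenFlow header: version, type, total message length (big-endian), xid. */
struct ofp_header {
    uint8_t version;
    uint8_t type;
    uint8_t length[2];
    uint8_t xid[4];
};

/* Hypothetical helper: the length the header claims, in host byte order. */
static size_t claimed_len(const void *msg)
{
    const struct ofp_header *oh = msg;
    return ((size_t) oh->length[0] << 8) | oh->length[1];
}

/* Hypothetical bounded copy: 'buf_size' is how many bytes 'buf' really holds.
 * Returns the number of bytes copied to 'out', or 0 if the input is unusable. */
size_t copy_saved_msg(const void *buf, size_t buf_size,
                      uint8_t *out, size_t out_size)
{
    if (buf_size < sizeof(struct ofp_header)) {
        return 0;                   /* not even a full header was stored */
    }
    size_t n = claimed_len(buf);
    if (n < sizeof(struct ofp_header)) {
        return 0;                   /* malformed length field */
    }
    if (n > buf_size) {
        n = buf_size;               /* header claims more than was stored */
    }
    if (n > out_size) {
        return 0;                   /* destination too small */
    }
    memcpy(out, buf, n);            /* never reads past buf + buf_size */
    return n;
}

/* Constructed sample: a 200-byte message of which only 64 bytes were saved. */
size_t demo_truncated(void)
{
    uint8_t saved[SAVED_MAX] = { 0x04, 0x01, 0x00, 0xC8 };  /* length = 200 */
    uint8_t out[256];
    return copy_saved_msg(saved, sizeof saved, out, sizeof out);
}
```

Copying claimed_len() bytes without the clamp would read 136 bytes past the end of the 64-byte saved buffer in this sample, which is the kind of read AddressSanitizer reports.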