On Tue, Jun 13, 2017 at 02:31:22PM -0400, Lance Richardson wrote:
> vconn_add_bundle_error() stores a maximum of 64 bytes of an
> OpenFlow packet, however ofperr_decode_msg() assumes that the
> entire packet is present. This leads to a buffer read overrun
> when the packet is copied to another buffer using the full
> packet size.
> 
> Fix by adding a parameter to ofperr_decode_msg() indicating the
> size of the buffer containing the OpenFlow packet.
> 
> Found via gcc's address sanitizer.
> 
> Fixes: 506c1ddb3404 ("vconn: Better bundle error management.")
> Signed-off-by: Lance Richardson <lrich...@redhat.com>

I'm not sure why we keep just the first 64 bytes.  It seems actually
easier to just keep the whole thing:
        https://patchwork.ozlabs.org/patch/775500/
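
An added example, not code from the patch or from Open vSwitch: the over-read described in the commit message, beside a copy bounded by the number of bytes actually stored. The function names, the clamping behaviour and the sample packet are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OFP_HDR_LEN 8   /* OpenFlow header: version, type, length, xid */
#define STORED_MAX  64  /* bytes of the packet kept, per the commit message */

/* Length field of the OpenFlow header: big-endian 16 bits at offset 2. */
static size_t claimed_len(const uint8_t *pkt)
{
    return ((size_t)pkt[2] << 8) | pkt[3];
}

/* Pattern from the commit message (hypothetical name): the copy size comes
 * from the header alone, so a packet truncated to STORED_MAX is over-read. */
size_t copy_trusting_header(const uint8_t *stored, uint8_t *dst)
{
    size_t n = claimed_len(stored);
    memcpy(dst, stored, n);             /* over-read when n > bytes stored */
    return n;
}

/* Bounded form (hypothetical name): the caller states how many bytes are
 * really in `stored`. Returns bytes copied, 0 if the header is unusable. */
size_t copy_bounded(const uint8_t *stored, size_t stored_len,
                    uint8_t *dst, size_t dst_cap)
{
    if (stored_len < OFP_HDR_LEN) return 0;
    size_t n = claimed_len(stored);
    if (n < OFP_HDR_LEN) return 0;
    if (n > stored_len) n = stored_len; /* clamp to what was kept */
    if (n > dst_cap) n = dst_cap;       /* and to the destination */
    memcpy(dst, stored, n);
    return n;
}

/* Constructed sample: header claims 200 bytes, only 64 were stored. */
size_t demo_truncated(void)
{
    uint8_t stored[STORED_MAX] = { 0x04, 0x01, 0x00, 0xC8, 0, 0, 0, 1 };
    uint8_t dst[256];
    return copy_bounded(stored, sizeof stored, dst, sizeof dst);
}

int main(void)
{
    printf("copied %zu of 200 claimed bytes\n", demo_truncated());
    return 0;
}
```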