On 26 November 2017 at 17:41, Ben Pfaff <[email protected]> wrote: > scan_u128() should return 0 on an error but it actually returned an errno > value in some cases, so a command like this: > ovs-appctl dpctl/add-flow 'ct_label(1/55555555555555555555555555)' '' > could cause a buffer overread. > > This bug is not as severe as it may sound because the string form of ODP > flows is not used over OpenFlow or OVSDB, only through the appctl interface > that is normally used just by local system administrators and not exposed > over a network. > > Reported-by: Bhargava Shastry <[email protected]> > Signed-off-by: Ben Pfaff <[email protected]> > ---
Acked-by: Joe Stringer <[email protected]> _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
