Found by libfuzzer.
CC: Jan Scheurich <[email protected]>
Fixes: 7edef47b4896 ("NSH: Minor bugfixes")
Reported-by: Bhargava Shastry <[email protected]>
Signed-off-by: Ben Pfaff <[email protected]>
---
lib/flow.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/flow.c b/lib/flow.c
index 1adc49970a3a..bc24fe7e20d3 100644
--- a/lib/flow.c
+++ b/lib/flow.c
@@ -553,7 +553,7 @@ parse_nsh(const void **datap, size_t *sizep, struct
flow_nsh *key)
/* NSH header length is in 4 byte words. */
length = ((ver_flags_len & NSH_LEN_MASK) >> NSH_LEN_SHIFT) << 2;
- if (version != 0) {
+ if (length > *sizep || version != 0) {
return false;
}
--
2.10.2
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
