Good spot!

Acked-by: Jan Scheurich <[email protected]>

> -----Original Message-----
> From: Ben Pfaff [mailto:[email protected]]
> Sent: Wednesday, 29 November, 2017 17:30
> To: [email protected]
> Cc: Ben Pfaff <[email protected]>; Jan Scheurich <[email protected]>; 
> Bhargava Shastry <[email protected]>
> Subject: [PATCH] flow: Avoid buffer overread in parse_nsh() for malformed 
> packet.
> 
> Found by libfuzzer.
> 
> CC: Jan Scheurich <[email protected]>
> Fixes: 7edef47b4896 ("NSH: Minor bugfixes")
> Reported-by: Bhargava Shastry <[email protected]>
> Signed-off-by: Ben Pfaff <[email protected]>
> ---
>  lib/flow.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/lib/flow.c b/lib/flow.c
> index 1adc49970a3a..bc24fe7e20d3 100644
> --- a/lib/flow.c
> +++ b/lib/flow.c
> @@ -553,7 +553,7 @@ parse_nsh(const void **datap, size_t *sizep, struct 
> flow_nsh *key)
>      /* NSH header length is in 4 byte words. */
>      length = ((ver_flags_len & NSH_LEN_MASK) >> NSH_LEN_SHIFT) << 2;
> 
> -    if (version != 0) {
> +    if (length > *sizep || version != 0) {
>          return false;
>      }
> 
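Review bot: The added "length > *sizep" test in this condition bounds the declared NSH header length from above only. Nothing in the visible lines rejects a length field that is too small for the fixed part of the header (the masked and shifted value can be 0), so please confirm that a minimum-length check exists elsewhere in parse_nsh(), or add the lower bound to this same condition. The commit message says only "Found by libfuzzer"; a sentence describing which read ran past the end of the packet, plus a regression test built from the malformed input, would make the fix easier to verify and to backport.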
> --
> 2.10.2

_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
