Good, thanks. Acked-by: Darrell Ball <[email protected]>
This needs backporting to 2.8. I re-ran some SA tools and found some other potential use after free bugs. On Tue, Jul 10, 2018 at 4:05 AM, Ilya Maximets <[email protected]> wrote: > 'alg_exp_entry' is allocated on stack memory, but could be used via > 'alg_exp' pointer inside 'write_ct_md' function, i.e. outside its scope. > > CC: Darrell Ball <[email protected]> > Fixes: bd5e81a0e596 ("Userspace Datapath: Add ALG infra and FTP.") > Signed-off-by: Ilya Maximets <[email protected]> > --- > > lib/conntrack.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/lib/conntrack.c b/lib/conntrack.c > index 97fd46a..51c1acb 100644 > --- a/lib/conntrack.c > +++ b/lib/conntrack.c > @@ -1246,9 +1246,9 @@ process_one(struct conntrack *ct, struct dp_packet > *pkt, > } > > const struct alg_exp_node *alg_exp = NULL; > + struct alg_exp_node alg_exp_entry; > > if (OVS_UNLIKELY(create_new_conn)) { > - struct alg_exp_node alg_exp_entry; > > ct_rwlock_rdlock(&ct->resources_lock); > alg_exp = expectation_lookup(&ct->alg_expectations, &ctx->key, > -- > 2.7.4 > > _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
