Hello:
This patch was applied to netdev/net.git (master)
by David S. Miller <[email protected]>:
On Fri, 15 Apr 2022 10:08:41 +0200 you wrote:
> Given a sufficiently large number of actions, while copying and
> reserving memory for a new action of a new flow, if next_offset is
> greater than MAX_ACTIONS_BUFSIZE, the function reserve_sfa_size() does
> not return -EMSGSIZE as expected, but it allocates MAX_ACTIONS_BUFSIZE
> bytes increasing actions_len by req_size. This can then lead to an OOB
> write access, especially when further actions need to be copied.
>
> [...]
Here is the summary with links:
- openvswitch: fix OOB access in reserve_sfa_size()
https://git.kernel.org/netdev/net/c/cefa91b2332d
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
