NlAttrParseNested was using the whole netlink payload for iteration.
This is not correct, as it would lead to exceeding the
nested attribute boundaries. Fixed the same in this patch.
Signed-off-by: Ankur Sharma ankursha...@vmware.com
Acked-by: Alin Gabriel Serdean aserd...@cloudbasesolutions.com
Acked-by: Eitan Eliahu elia...@vmware.com
---
datapath-windows/ovsext/Datapath.c| 4 +++-
datapath-windows/ovsext/Netlink/Netlink.c | 15 ---
datapath-windows/ovsext/Netlink/Netlink.h | 8
3 files changed, 19 insertions(+), 8 deletions(-)
diff --git a/datapath-windows/ovsext/Datapath.c
b/datapath-windows/ovsext/Datapath.c
index 0dfdd57..ffb7d44 100644
--- a/datapath-windows/ovsext/Datapath.c
+++ b/datapath-windows/ovsext/Datapath.c
@@ -949,7 +949,8 @@ OvsSubscribeEventCmdHandler(POVS_USER_PARAMS_CONTEXT
usrParamsCtx,
(POVS_OPEN_INSTANCE)usrParamsCtx-ovsInstance;
POVS_MESSAGE msgIn = (POVS_MESSAGE)usrParamsCtx-inputBuffer;
-rc = NlAttrParse(msgIn-nlMsg, sizeof (*msgIn),policy, attrs, 2);
+rc = NlAttrParse(msgIn-nlMsg, sizeof (*msgIn),
+ NlMsgAttrLen((PNL_MSG_HDR)msgIn), policy, attrs, 2);
if (!rc) {
status = STATUS_INVALID_PARAMETER;
goto done;
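Review bot: The new third argument is `NlMsgAttrLen((PNL_MSG_HDR)msgIn)`, and `msgIn` is the caller's input buffer, so the iteration bound is only as trustworthy as the header it is computed from. NlMsgAttrLen is not shown in this patch; if it derives the value from the message's own length field, nothing visible here checks that field against the size of the buffer actually supplied. The same applies to the HandleDpTransaction call in the next hunk. Unless validation outside the hunk already guarantees it, reject the request when the header-declared length exceeds the input buffer length before calling NlAttrParse. Separately, this call passes a literal `2` where the next hunk uses `ARRAY_SIZE(dpAttrs)`; assuming `attrs` is a local array, `ARRAY_SIZE(attrs)` would keep the two call sites consistent.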
@@ -1107,6 +1108,7 @@ HandleDpTransaction(POVS_USER_PARAMS_CONTEXT usrParamsCtx,
if (usrParamsCtx-ovsMsg-genlMsg.cmd == OVS_DP_CMD_SET) {
if (!NlAttrParse((PNL_MSG_HDR)msgIn,
NLMSG_HDRLEN + GENL_HDRLEN + OVS_HDRLEN,
+NlMsgAttrLen((PNL_MSG_HDR)msgIn),
ovsDatapathSetPolicy, dpAttrs, ARRAY_SIZE(dpAttrs))) {
return STATUS_INVALID_PARAMETER;
}
diff --git a/datapath-windows/ovsext/Netlink/Netlink.c
b/datapath-windows/ovsext/Netlink/Netlink.c
index bb3d603..5bac4b5 100644
--- a/datapath-windows/ovsext/Netlink/Netlink.c
+++ b/datapath-windows/ovsext/Netlink/Netlink.c
@@ -969,6 +969,7 @@ NlAttrFindNested(const PNL_ATTR nla, UINT16 type)
*/
BOOLEAN
NlAttrParse(const PNL_MSG_HDR nlMsg, UINT32 attrOffset,
+UINT32 attrLen,
const NL_POLICY policy[],
PNL_ATTR attrs[], UINT32 n_attrs)
{
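Review bot: The new `attrLen` parameter has no documented contract at the definition. The hunk's context shows only the closing `*/` of the function comment, so the comment body is not touched by this patch. I would add a line to it such as `attrLen: number of bytes of attributes to parse, starting at attrOffset; must not extend past the end of nlMsg`, so callers know which length to pass for the top-level and nested cases.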
@@ -979,14 +980,21 @@ NlAttrParse(const PNL_MSG_HDR nlMsg, UINT32 attrOffset,
RtlZeroMemory(attrs, n_attrs * sizeof *attrs);
-if ((NlMsgSize(nlMsg) attrOffset) || (!(NlMsgAttrLen(nlMsg {
+
+/* There is nothing to parse */
+if (!(NlMsgAttrLen(nlMsg))) {
+ret = TRUE;
+goto done;
+}
+
+if ((NlMsgSize(nlMsg) attrOffset)) {
OVS_LOG_WARN(No attributes in nlMsg: %p at offset: %d,
nlMsg, attrOffset);
goto done;
}
NL_ATTR_FOR_EACH (nla, left, NlMsgAt(nlMsg, attrOffset),
- NlMsgSize(nlMsg) - attrOffset)
+ attrLen)
{
UINT16 type = NlAttrType(nla);
if (type n_attrs policy[type].type != NL_A_NO_ATTR) {
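Review bot: The loop now trusts `attrLen` as its bound, but nothing in the new code checks it against the message. The surviving test only compares NlMsgSize(nlMsg) with attrOffset (the operator is lost in this rendering), so an attrLen larger than the bytes remaining after attrOffset lets NL_ATTR_FOR_EACH walk past the end of the message. I would extend the guard to `if (NlMsgSize(nlMsg) < attrOffset || attrLen > NlMsgSize(nlMsg) - attrOffset)`. The "nothing to parse" test also reads `NlMsgAttrLen(nlMsg)` rather than the `attrLen` argument, which is the wrong quantity for the nested case; `if (attrLen == 0)` matches the new contract. Returning TRUE there jumps to `done` with every attrs[] entry zeroed, so if the code after the loop (outside this hunk) rejects missing mandatory attributes, that check is skipped and callers may see success with NULL entries.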
@@ -1035,9 +1043,10 @@ done:
*/
BOOLEAN
NlAttrParseNested(const PNL_MSG_HDR nlMsg, UINT32 attrOffset,
+ UINT32 attrLen,
const NL_POLICY policy[],
PNL_ATTR attrs[], UINT32 n_attrs)
{
return NlAttrParse(nlMsg, attrOffset + NLA_HDRLEN,
- policy, attrs, n_attrs);
+ attrLen - NLA_HDRLEN, policy, attrs, n_attrs);
}
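Review bot: `attrLen - NLA_HDRLEN` is computed in UINT32, so a nested attribute whose declared length is smaller than NLA_HDRLEN wraps to a very large value, which then becomes the iteration bound inside NlAttrParse. Add `if (attrLen < NLA_HDRLEN) { return FALSE; }` before the call. The comment block above the function begins outside the hunk; it should state that attrLen is the full length of the nested attribute, header included.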
diff --git a/datapath-windows/ovsext/Netlink/Netlink.h
b/datapath-windows/ovsext/Netlink/Netlink.h
index 6494a59..57fc15f 100644
--- a/datapath-windows/ovsext/Netlink/Netlink.h
+++ b/datapath-windows/ovsext/Netlink/Netlink.h
@@ -117,11 +117,11 @@ const PNL_ATTR NlAttrFind__(const PNL_ATTR attrs,
const PNL_ATTR NlAttrFindNested(const PNL_ATTR nla,
UINT16 type);
BOOLEAN NlAttrParse(const PNL_MSG_HDR nlMsg, UINT32 attrOffset,
-const NL_POLICY policy[],
+UINT32 attrLen, const NL_POLICY policy[],
PNL_ATTR attrs[], UINT32 n_attrs);
-BOOLEAN NlParseNested(const PNL_ATTR, const NL_POLICY policy[],
- PNL_ATTR attrs[], UINT32 n_attrs);
-
+BOOLEAN NlAttrParseNested(const PNL_MSG_HDR nlMsg, UINT32 attrOffset,
+ UINT32 attrLen, const NL_POLICY policy[],
+ PNL_ATTR attrs[], UINT32 n_attrs);
/*
* --
* Returns the length of attribute.
--
1.9.1