File 0001-ofp-util-Check-length-of-buckets-in-ofputil_pull_ofp.patch of Package openvswitch-dpdk.6197
From 9cdb3e7c373cdcf5072372631e31d13f1a600e91 Mon Sep 17 00:00:00 2001 From: Ben Pfaff <blp@ovn.org> Date: Fri, 26 May 2017 12:59:06 -0700 Subject: [PATCH] ofp-util: Check length of buckets in ofputil_pull_ofp15_group_mod(). This code blindly read forward for the number of bytes specified by the message without checking that it was in range. This bug is part of OpenFlow 1.5 support. Open vSwitch does not enable OpenFlow 1.5 support by default. Reported-by: Bhargava Shastry <bshastry@sec.t-labs.tu-berlin.de> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Yi-Hung Wei <yihung.wei@gmail.com> --- lib/ofp-util.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/ofp-util.c b/lib/ofp-util.c index 13adff3f7..f0ed5bee3 100644 --- a/lib/ofp-util.c +++ b/lib/ofp-util.c @@ -8813,6 +8813,9 @@ ofputil_pull_ofp15_group_mod(struct ofpbuf *msg, enum ofp_version ofp_version, } bucket_list_len = ntohs(ogm->bucket_array_len); + if (bucket_list_len > msg->size) { + return OFPERR_OFPBRC_BAD_LEN; + } error = ofputil_pull_ofp15_buckets(msg, bucket_list_len, ofp_version, gm->type, &gm->buckets); if (error) { -- 2.15.0
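Review bot: The new check `if (bucket_list_len > msg->size)` in ofputil_pull_ofp15_group_mod() ships without a regression test; the diffstat lists only lib/ofp-util.c with 3 insertions. Please add a decode test that feeds an OpenFlow 1.5 group mod whose bucket_array_len is larger than the bytes left in the message and expects OFPERR_OFPBRC_BAD_LEN, so the over-read described in the commit message cannot come back unnoticed. The comparison is also only a valid bound if msg->size at this point counts just the bytes that follow the already-consumed group-mod header, which the hunk does not show; a one-line comment stating that invariant above the check would make it reviewable in place. If ofputil_pull_ofp15_buckets() is called from anywhere else with a length taken from the wire, the same bound is needed there or inside the function itself.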