On Mon, Mar 07, 2016 at 03:36:37PM -0800, Joe Stringer wrote:
> ofpact_finish() may now reallocate the buffer it is passed, but not all
> callers updated their local pointers to the current action in the
> buffer. This could potentially lead to several use-after-free bugs.
>
> Update ofpact_finish() to return the new pointer to the ofpact which is
> provided, and update the calling points to ensure that their local
> pointers are pointing into the correct (potentially reallocated) buffer.
>
> Fixes: 2bd318dec242 ("ofp-actions: Make composing actions harder to screw
> up.")
> Reported-by: William Tu <[email protected]>
> Signed-off-by: Joe Stringer <[email protected]>
Thank you.
Acked-by: Ben Pfaff <[email protected]>
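
The bug class described in the commit message, as an added example that is not part of this thread or of the Open vSwitch source: a finish step that pads an action may reallocate the buffer, so the caller has to adopt the pointer it returns. All names here (`buf`, `act`, `buf_put_zeros`, `act_finish`, `compose`) are hypothetical and the payloads are constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Toy model with hypothetical names; this is not the OVS ofpbuf/ofpact API. */
struct buf { uint8_t *data; size_t size; };
struct act { uint16_t type, len; };            /* 4-byte action header */

/* Append n zeroed bytes. Reallocates on every call, so any append may move data. */
static uint8_t *buf_put_zeros(struct buf *b, size_t n)
{
    uint8_t *p = realloc(b->data, b->size + n + 1);   /* +1 avoids realloc(p, 0) */
    if (!p) abort();
    b->data = p;
    memset(p + b->size, 0, n);
    b->size += n;
    return p + b->size - n;
}

/* Patched shape: pad the action to a multiple of 8 bytes and return where it
 * lives now. A void version leaves the caller holding a possibly freed address. */
static struct act *act_finish(struct buf *b, struct act *a)
{
    size_t off = (size_t)((uint8_t *)a - b->data);    /* offsets survive realloc */
    size_t len = b->size - off;
    buf_put_zeros(b, (8 - len % 8) % 8);              /* may move b->data */
    a = (struct act *)(b->data + off);                /* re-derive from new base */
    a->len = (uint16_t)(b->size - off);
    return a;
}

/* Caller: compose one action and keep only the pointer act_finish() returns.
 * Returns the padded action length, or -1 if the pointer is not in the buffer. */
static int compose(struct buf *b, const void *payload, size_t n)
{
    size_t off = b->size;
    buf_put_zeros(b, sizeof(struct act));
    memcpy(buf_put_zeros(b, n), payload, n);
    struct act *a = (struct act *)(b->data + off);    /* re-derive after growth */
    a->type = 1;
    a = act_finish(b, a);                             /* reassign; old 'a' is stale */
    return ((uint8_t *)a == b->data + off) ? a->len : -1;
}

int main(void)
{
    struct buf b = {0};
    int first = compose(&b, "abc", 3);                /* constructed payloads */
    int second = compose(&b, "0123456789", 10);
    free(b.data);
    return (first == 8 && second == 16) ? 0 : 1;
}
```

Building a caller that ignores the return value with `-fsanitize=address` is a quick way to confirm whether a given call site still dereferences the old address.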