On 9/11/2018 12:12 AM, wangyunjian wrote:
From: Yunjian Wang <wangyunj...@huawei.com>
The tunnel_cfg had the gro_receive and gro_complete fields uninitialized
in function lisp_open(). This caused an uninitialized memory read.
Signed-off-by: Yunjian Wang <wangyunj...@huawei.com>
---
datapath/linux/compat/lisp.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/datapath/linux/compat/lisp.c b/datapath/linux/compat/lisp.c
index eb45d5f..58144ad 100644
--- a/datapath/linux/compat/lisp.c
+++ b/datapath/linux/compat/lisp.c
@@ -457,6 +457,7 @@ static int lisp_open(struct net_device *dev)
rcu_assign_pointer(lisp->sock, sock);
/* Mark socket as an encapsulation socket */
+ memset(&tunnel_cfg, 0, sizeof(tunnel_cfg));
tunnel_cfg.sk_user_data = dev;
tunnel_cfg.encap_type = 1;
tunnel_cfg.encap_rcv = lisp_rcv;
LGTM
Reviewed-by: Greg Rose <gvrose8...@gmail.com>
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
