On Mon, Jan 14, 2019 at 1:17 AM Ross Lagerwall
<ross.lagerw...@citrix.com> wrote:
>
> For nested and variable attributes, the expected length of an attribute
> is not known and marked by a negative number. This results in an OOB
> read when the expected length is later used to check if the attribute is
> all zeros. Fix this by using the actual length of the attribute rather
> than the expected length.
>
> Signed-off-by: Ross Lagerwall <ross.lagerw...@citrix.com>
> ---
> net/openvswitch/flow_netlink.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/openvswitch/flow_netlink.c b/net/openvswitch/flow_netlink.c
> index 435a4bdf8f89..691da853bef5 100644
> --- a/net/openvswitch/flow_netlink.c
> +++ b/net/openvswitch/flow_netlink.c
> @@ -500,7 +500,7 @@ static int __parse_flow_nlattrs(const struct nlattr *attr,
> return -EINVAL;
> }
>
> - if (!nz || !is_all_zero(nla_data(nla), expected_len)) {
> + if (!nz || !is_all_zero(nla_data(nla), nla_len(nla))) {
> attrs |= 1 << type;
> a[type] = nla;
> }
Good Catch.
Acked-by: Pravin B Shelar <pshe...@ovn.org>
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
