On Tue, Aug 21, 2018 at 4:38 PM David Miller wrote:
>
> From: Pravin Shelar
> Date: Tue, 21 Aug 2018 15:38:28 -0700
>
> > On Fri, Aug 17, 2018 at 1:15 AM Jiecheng Wu wrote:
> >>
> >> Function queue_userspace_packet() defined in net/openvswitch/datapath.c
> >> calls nla_nest_start() to allocate
From: Pravin Shelar
Date: Tue, 21 Aug 2018 15:38:28 -0700
> On Fri, Aug 17, 2018 at 1:15 AM Jiecheng Wu wrote:
>>
>> Function queue_userspace_packet() defined in net/openvswitch/datapath.c
>> calls nla_nest_start() to allocate memory for struct nlattr which is
>> dereferenced immediately. As n
On Fri, Aug 17, 2018 at 1:15 AM Jiecheng Wu wrote:
>
> Function queue_userspace_packet() defined in net/openvswitch/datapath.c calls
> nla_nest_start() to allocate memory for struct nlattr which is dereferenced
> immediately. As nla_nest_start() may return NULL on failure, this code piece
> may
Function queue_userspace_packet() defined in net/openvswitch/datapath.c calls
nla_nest_start() to allocate memory for struct nlattr which is dereferenced
immediately. As nla_nest_start() may return NULL on failure, this code piece
may cause NULL pointer dereference bug.
---
net/openvswitch/data