diff options
author | Thomas Graf <tgraf@noironetworks.com> | 2015-01-15 00:17:31 +0100 |
---|---|---|
committer | Thomas Graf <tgraf@noironetworks.com> | 2015-01-15 00:17:31 +0100 |
commit | 2e460098bff351b9fddcb917447caa3b97a35d86 (patch) | |
tree | 7d86ff153b547c78ce2bfedee54285a94960d7b8 /lib | |
parent | afc3987b514ded86a47d079239d57bfb0663801b (diff) | |
download | openvswitch-2e460098bff351b9fddcb917447caa3b97a35d86.tar.gz |
dpif: Use separate OVS_PACKET_ATTR_PROBE for packet messges
User space is currently sending a OVS_FLOW_ATTR_PROBE for both flow
and packet messages. This leads to an out-of-bounds access in
ovs_packet_cmd_execute() because OVS_FLOW_ATTR_PROBE >
OVS_PACKET_ATTR_MAX.
Introduce a new OVS_PACKET_ATTR_PROBE with the same numeric value
as OVS_FLOW_ATTR_PROBE to grow the range of accepted packet attributes
while maintaining binary compatibility with existing OVS binaries.
Fixes: 9233ce ("datapath: Add support for OVS_FLOW_ATTR_PROBE.")
Reported-by: Sander Eikelenboom <linux@eikelenboom.it>
Signed-off-by: Thomas Graf <tgraf@noironetworks.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/dpif-netlink.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/dpif-netlink.c b/lib/dpif-netlink.c index 8f0eca6e3..a9d60f72f 100644 --- a/lib/dpif-netlink.c +++ b/lib/dpif-netlink.c @@ -1530,7 +1530,7 @@ dpif_netlink_encode_execute(int dp_ifindex, const struct dpif_execute *d_exec, nl_msg_put_unspec(buf, OVS_PACKET_ATTR_ACTIONS, d_exec->actions, d_exec->actions_len); if (d_exec->probe) { - nl_msg_put_flag(buf, OVS_FLOW_ATTR_PROBE); + nl_msg_put_flag(buf, OVS_PACKET_ATTR_PROBE); } } |