dpif: Use separate OVS_PACKET_ATTR_PROBE for packet messges

User space is currently sending a OVS_FLOW_ATTR_PROBE for both flow and packet messages. This leads to an out-of-bounds access in ovs_packet_cmd_execute() because OVS_FLOW_ATTR_PROBE > OVS_PACKET_ATTR_MAX. Introduce a new OVS_PACKET_ATTR_PROBE with the same numeric value as OVS_FLOW_ATTR_PROBE to grow the range of accepted packet attributes while maintaining binary compatibility with existing OVS binaries. Fixes: 9233ce ("datapath: Add support for OVS_FLOW_ATTR_PROBE.") Reported-by: Sander Eikelenboom <linux@eikelenboom.it> Signed-off-by: Thomas Graf <tgraf@noironetworks.com> Acked-by: Jesse Gross <jesse@nicira.com>
author: Thomas Graf <tgraf@noironetworks.com> 2015-01-15 00:17:31 +0100
committer: Thomas Graf <tgraf@noironetworks.com> 2015-01-15 00:17:31 +0100
commit: 2e460098bff351b9fddcb917447caa3b97a35d86 (patch)
tree: 7d86ff153b547c78ce2bfedee54285a94960d7b8 /lib
parent: afc3987b514ded86a47d079239d57bfb0663801b (diff)
download: openvswitch-2e460098bff351b9fddcb917447caa3b97a35d86.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/dpif-netlink.c b/lib/dpif-netlink.c
index 8f0eca6e3..a9d60f72f 100644
--- a/lib/dpif-netlink.c
+++ b/lib/dpif-netlink.c
@@ -1530,7 +1530,7 @@ dpif_netlink_encode_execute(int dp_ifindex, const struct dpif_execute *d_exec,
     nl_msg_put_unspec(buf, OVS_PACKET_ATTR_ACTIONS,
                       d_exec->actions, d_exec->actions_len);
     if (d_exec->probe) {
-        nl_msg_put_flag(buf, OVS_FLOW_ATTR_PROBE);
+        nl_msg_put_flag(buf, OVS_PACKET_ATTR_PROBE);
     }
 }
author	Thomas Graf <tgraf@noironetworks.com>	2015-01-15 00:17:31 +0100
committer	Thomas Graf <tgraf@noironetworks.com>	2015-01-15 00:17:31 +0100
commit	2e460098bff351b9fddcb917447caa3b97a35d86 (patch)
tree	7d86ff153b547c78ce2bfedee54285a94960d7b8 /lib
parent	afc3987b514ded86a47d079239d57bfb0663801b (diff)
download	openvswitch-2e460098bff351b9fddcb917447caa3b97a35d86.tar.gz