On Thu, Jun 19, 2014 at 4:47 PM, Jesse Gross <je...@nicira.com> wrote:
> On Thu, Jun 19, 2014 at 4:30 PM, Pravin Shelar <pshe...@nicira.com> wrote:
>> On Thu, Jun 19, 2014 at 4:07 PM, Jesse Gross <je...@nicira.com> wrote:
>>> On Thu, Jun 19, 2014 at 1:33 PM, Pravin Shelar <pshe...@nicira.com> wrote:
>>>>> diff --git a/datapath/flow.c b/datapath/flow.c
>>>>> index f1bb95d..7b108ed 100644
>>>>> --- a/datapath/flow.c
>>>>> +++ b/datapath/flow.c
>>>>> @@ -455,6 +455,13 @@ int ovs_flow_extract(struct sk_buff *skb, u16
>>>>> in_port, struct sw_flow_key *key)
>>>>> struct ovs_tunnel_info *tun_info = OVS_CB(skb)->tun_info;
>>>>> memcpy(&key->tun_key, &tun_info->tunnel,
>>>>> sizeof(key->tun_key));
>>>>> + if (tun_info->options) {
>>>>> + memcpy(GENEVE_OPTS(key, tun_info->options_len),
>>>>> + tun_info->options, tun_info->options_len);
>>>> Need to check options_len before copying data from packet.
>>>
>>> I think we should be OK here since we already checked it in
>>> geneve_rcv() when we populated tun_info. Is there anything else that
>>> we need to check?
>>>
>> I am not sure where is opts_len checked if it is less than key->tun_opts[]
>> size.
>
> Oh, I see you meant the destination instead of the source.
>
> It's implicitly limited by the fact that the length is a u8 and the
> array size is 255. We could add a length check in anyways as a sanity
> check or maybe do a build assert.
right, I think it is fine as it is.
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
