NlAttrParseNested was using the whole netlink payload for iteration. This is not correct, as iteration could run past the boundaries of the nested attribute. This patch fixes that. --- datapath-windows/ovsext/Datapath.c | 4 +++- datapath-windows/ovsext/Netlink/Netlink.c | 15 ++++++++++++--- datapath-windows/ovsext/Netlink/Netlink.h | 8 ++++---- 3 files changed, 19 insertions(+), 8 deletions(-)
diff --git a/datapath-windows/ovsext/Datapath.c b/datapath-windows/ovsext/Datapath.c index 0dfdd57..ffb7d44 100644 --- a/datapath-windows/ovsext/Datapath.c +++ b/datapath-windows/ovsext/Datapath.c @@ -949,7 +949,8 @@ OvsSubscribeEventCmdHandler(POVS_USER_PARAMS_CONTEXT usrParamsCtx, (POVS_OPEN_INSTANCE)usrParamsCtx->ovsInstance; POVS_MESSAGE msgIn = (POVS_MESSAGE)usrParamsCtx->inputBuffer; - rc = NlAttrParse(&msgIn->nlMsg, sizeof (*msgIn),policy, attrs, 2); + rc = NlAttrParse(&msgIn->nlMsg, sizeof (*msgIn), + NlMsgAttrLen((PNL_MSG_HDR)msgIn), policy, attrs, 2); if (!rc) { status = STATUS_INVALID_PARAMETER; goto done; @@ -1107,6 +1108,7 @@ HandleDpTransaction(POVS_USER_PARAMS_CONTEXT usrParamsCtx, if (usrParamsCtx->ovsMsg->genlMsg.cmd == OVS_DP_CMD_SET) { if (!NlAttrParse((PNL_MSG_HDR)msgIn, NLMSG_HDRLEN + GENL_HDRLEN + OVS_HDRLEN, + NlMsgAttrLen((PNL_MSG_HDR)msgIn), ovsDatapathSetPolicy, dpAttrs, ARRAY_SIZE(dpAttrs))) { return STATUS_INVALID_PARAMETER; } diff --git a/datapath-windows/ovsext/Netlink/Netlink.c b/datapath-windows/ovsext/Netlink/Netlink.c index 5c74ec0..a72d846 100644 --- a/datapath-windows/ovsext/Netlink/Netlink.c +++ b/datapath-windows/ovsext/Netlink/Netlink.c @@ -969,6 +969,7 @@ NlAttrFindNested(const PNL_ATTR nla, UINT16 type) */ BOOLEAN NlAttrParse(const PNL_MSG_HDR nlMsg, UINT32 attrOffset, + UINT32 attrLen, const NL_POLICY policy[], PNL_ATTR attrs[], UINT32 n_attrs) { 
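Review bot: In OvsSubscribeEventCmdHandler (and again in the HandleDpTransaction hunk) the new `attrLen` argument is `NlMsgAttrLen((PNL_MSG_HDR)msgIn)`, presumably derived from the length field of a message that sits in `usrParamsCtx->inputBuffer`, and nothing visible in either hunk ties that value to the size of the input buffer. If that check is not done before these handlers run, the parser's iteration bound is set by whoever filled in the header, so it is worth confirming where it happens. As a smaller point, the first call names the same header two ways; `NlMsgAttrLen(&msgIn->nlMsg), policy, attrs, 2);` avoids the cast, which only holds while `nlMsg` is the first member. Both function bodies continue outside their hunks.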
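Review bot: The new `attrLen` parameter in the NlAttrParse signature (Netlink.c, hunk at -969) is undocumented; the comment block above the function lies outside the hunk and ends just before it, so it likely needs a line such as `attrLen: number of attribute bytes to walk starting at attrOffset; must not exceed NlMsgSize(nlMsg) - attrOffset`. Offset and length are now independent inputs, so callers can only get them right if the contract is written down.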
@@ -979,14 +980,21 @@ NlAttrParse(const PNL_MSG_HDR nlMsg, UINT32 attrOffset, RtlZeroMemory(attrs, n_attrs * sizeof *attrs); - if ((NlMsgSize(nlMsg) < attrOffset) || (!(NlMsgAttrLen(nlMsg)))) { + + /* There is nothing to parse */ + if (!(NlMsgAttrLen(nlMsg))) { + ret = TRUE; + goto done; + } + + if ((NlMsgSize(nlMsg) < attrOffset)) { OVS_LOG_WARN("No attributes in nlMsg: %p at offset: %d", nlMsg, attrOffset); goto done; } NL_ATTR_FOR_EACH (nla, left, NlMsgAt(nlMsg, attrOffset), - NlMsgSize(nlMsg) - attrOffset) + attrLen) { UINT16 type = NlAttrType(nla); if (type < n_attrs && policy[type].type != NL_A_NO_ATTR) { @@ -1035,9 +1043,10 @@ done: */ BOOLEAN NlAttrParseNested(const PNL_MSG_HDR nlMsg, UINT32 attrOffset, + UINT32 attrLen, const NL_POLICY policy[], PNL_ATTR attrs[], UINT32 n_attrs) { return NlAttrParse(nlMsg, attrOffset + NLA_HDRLEN, - policy, attrs, n_attrs); + attrLen - NLA_HDRLEN, policy, attrs, n_attrs); } diff --git a/datapath-windows/ovsext/Netlink/Netlink.h b/datapath-windows/ovsext/Netlink/Netlink.h index 80f98dd..023c673 100644 --- a/datapath-windows/ovsext/Netlink/Netlink.h +++ b/datapath-windows/ovsext/Netlink/Netlink.h @@ -125,11 +125,11 @@ const PNL_ATTR NlAttrFind__(const PNL_ATTR attrs, const PNL_ATTR NlAttrFindNested(const PNL_ATTR nla, UINT16 type); BOOLEAN NlAttrParse(const PNL_MSG_HDR nlMsg, UINT32 attrOffset, - const NL_POLICY policy[], + UINT32 attrLen, const NL_POLICY policy[], PNL_ATTR attrs[], UINT32 n_attrs); -BOOLEAN NlParseNested(const PNL_ATTR, const NL_POLICY policy[], - PNL_ATTR attrs[], UINT32 n_attrs); - +BOOLEAN NlAttrParseNested(const PNL_MSG_HDR nlMsg, UINT32 attrOffset, + UINT32 attrLen, const NL_POLICY policy[], + PNL_ATTR attrs[], UINT32 n_attrs); /* * -------------------------------------------------------------------------- * Returns the length of attribute. -- 1.9.1 _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
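Review bot: In NlAttrParse (hunk at -979) `attrLen` goes straight into `NL_ATTR_FOR_EACH` and is never compared with the message size, so a caller-supplied length larger than `NlMsgSize(nlMsg) - attrOffset` lets the walk run past the end of the message; the old bound was derived from the message itself. The existing size test could cover it: `if (NlMsgSize(nlMsg) < attrOffset || attrLen > NlMsgSize(nlMsg) - attrOffset) {`. The new early exit also tests `NlMsgAttrLen(nlMsg)` rather than `attrLen`, and returns TRUE with `attrs` zeroed. If the code after the loop (outside this hunk) enforces required attributes, that check is skipped for an empty message, and callers would have to NULL-check every entry they use.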
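Review bot: In NlAttrParseNested (hunk at -1035) `attrLen - NLA_HDRLEN` is computed on a `UINT32`, so an `attrLen` smaller than `NLA_HDRLEN` wraps to a very large value that NlAttrParse then uses as its iteration bound. A guard before the call closes that: `if (attrLen < NLA_HDRLEN) { return FALSE; }`. This matters most when the nested attribute's length comes from the message being parsed, since the wrapped value would undo the bound this patch is trying to introduce.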
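Review bot: The two prototypes in Netlink.h give `attrLen` different meanings and neither says so. NlAttrParse walks exactly `attrLen` bytes, while NlAttrParseNested (per its body in Netlink.c) adds `NLA_HDRLEN` to the offset and subtracts it from the length, so it expects the nested attribute's full length including its header. A comment on the declaration would settle it, e.g. `/* attrOffset and attrLen describe the nested attribute itself, header included. */`. The hunk also drops the blank line that separated the prototypes from the following comment block.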