On Thu, Mar 03, 2016 at 09:22:50PM +1300, Joe Stringer wrote:
> When decoding a variable-length action, if the length of the action
> exceeds the length storable in a uint16_t then something has gone
> terribly wrong. Assert that this is not the case.
>
> Signed-off-by: Joe Stringer <j...@ovn.org>
> ---
> lib/ofp-actions.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/lib/ofp-actions.c b/lib/ofp-actions.c
> index fe1424f137a1..905469b6bbf9 100644
> --- a/lib/ofp-actions.c
> +++ b/lib/ofp-actions.c
> @@ -7401,8 +7401,12 @@ ofpact_init(struct ofpact *ofpact, enum ofpact_type
> type, size_t len)
> void
> ofpact_finish(struct ofpbuf *ofpacts, struct ofpact *ofpact)
> {
> + ptrdiff_t len;
> +
> ovs_assert(ofpact == ofpacts->header);
> - ofpact->len = (char *) ofpbuf_tail(ofpacts) - (char *) ofpact;
> + len = (char *) ofpbuf_tail(ofpacts) - (char *) ofpact;
> + ovs_assert(len <= UINT16_MAX);
Probably worth adding "len > 0 &&" to that condition, as long as we're
at it.
Acked-by: Ben Pfaff <b...@ovn.org>
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
