linux

History

Daniel Borkmann 3bf4b5b11d net: ovs: flow: fix potential illegal memory access in __parse_flow_nlattrs In function __parse_flow_nlattrs(), we check for condition (type > OVS_KEY_ATTR_MAX) and if true, print an error, but we do not return from this function as in other checks. It seems this has been forgotten, as otherwise, we could access beyond the memory of ovs_key_lens, which is of ovs_key_lens[OVS_KEY_ATTR_MAX + 1]. Hence, a maliciously prepared nla_type from user space could access beyond this upper limit. Introduced by `03f0d916a` ("openvswitch: Mega flow implementation"). Signed-off-by: Daniel Borkmann <dborkman@redhat.com> Cc: Andy Zhou <azhou@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Signed-off-by: David S. Miller <davem@davemloft.net>		2013-09-11 16:09:58 -04:00
..
actions.c	openvswitch: Add SCTP support	2013-08-26 14:03:13 -07:00
datapath.c	openvswitch: Add SCTP support	2013-08-26 14:03:13 -07:00
datapath.h	openvswitch: Mega flow implementation	2013-08-23 16:43:07 -07:00
dp_notify.c
flow.c	net: ovs: flow: fix potential illegal memory access in __parse_flow_nlattrs	2013-09-11 16:09:58 -04:00
flow.h	openvswitch: Fix alignment of struct sw_flow_key.	2013-09-05 15:54:37 -04:00
Kconfig	openvswitch: Add SCTP support	2013-08-26 14:03:13 -07:00
Makefile	openvswitch: check CONFIG_OPENVSWITCH_GRE in makefile	2013-08-23 16:43:07 -07:00
vport-gre.c	tunnels: harmonize cleanup done on skb on xmit path	2013-09-04 00:27:25 -04:00
vport-internal_dev.c	openvswitch: Add tunneling interface.	2013-06-19 18:07:41 -07:00
vport-internal_dev.h
vport-netdev.c	openvswitch:: link upper device for port devices	2013-08-23 16:38:00 -07:00
vport-netdev.h	openvswitch: Remove unused get_config vport op.	2013-06-14 15:09:09 -07:00
vport-vxlan.c	vxlan: remove net arg from vxlan[6]_xmit_skb()	2013-09-04 00:27:25 -04:00
vport.c	openvswitch: Fix argument descriptions in vport.c.	2013-08-23 16:38:00 -07:00
vport.h	openvswitch: Add vxlan tunneling support.	2013-08-20 00:15:44 -07:00