From a93f1927f21f2a14c4166d3ffc0131b1fb4be1bb Mon Sep 17 00:00:00 2001 From: Ben Pfaff Date: Tue, 30 Apr 2013 11:24:11 -0700 Subject: [PATCH] ofproto-dpif: Fix 'size' argument to fix_sflow_action(). The sflow action only uses 8 bytes of the total 16 for user_action_cookie, but fix_sflow_action() was checking for the presence of all 16, so if the sflow action wasn't followed by a few other actions then 'cookie' would end up NULL and the assertion would segfault. Bug #16659. Reported-by: Dhaval Badiani Signed-off-by: Ben Pfaff --- AUTHORS | 1 + ofproto/ofproto-dpif.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/AUTHORS b/AUTHORS index 8656dee7a..b314ce602 100644 --- a/AUTHORS +++ b/AUTHORS @@ -123,6 +123,7 @@ Cedric Hobbs cedric@nicira.com Dave Walker DaveWalker@ubuntu.com David Palma palma@onesource.pt Derek Cormier derek.cormier@lab.ntt.co.jp +Dhaval Badiani dbadiani@vmware.com Duffie Cooley dcooley@nicira.com DK Moon dkmoon@nicira.com Edwin Chiu echiu@nicira.com diff --git a/ofproto/ofproto-dpif.c b/ofproto/ofproto-dpif.c index 40e897f31..6ec1c23d5 100644 --- a/ofproto/ofproto-dpif.c +++ b/ofproto/ofproto-dpif.c @@ -6073,7 +6073,7 @@ fix_sflow_action(struct action_xlate_ctx *ctx) } cookie = ofpbuf_at(ctx->odp_actions, ctx->user_cookie_offset, - sizeof(*cookie)); + sizeof cookie->sflow); ovs_assert(cookie->type == USER_ACTION_COOKIE_SFLOW); compose_sflow_cookie(ctx->ofproto, base->vlan_tci, -- 2.39.5