From b6bff4e9abaf2d9a53136854a733b7c4c5d4384e Mon Sep 17 00:00:00 2001
From: Ben Pfaff
Date: Thu, 13 Oct 2011 10:16:59 -0700
Subject: [PATCH] ofproto-dpif: Avoid bad pointer dereference in execute_odp_actions().
execute_odp_actions() can be passed a zero-length set of actions, in which case it may not dereference its 'odp_actions' parameter at all, but in fact it did do so. In at least one corner case, odp_actions can be NULL, so that this caused a segfault. Introduced in commit 98403001ec "datapath: Move Netlink PID for userspace actions from flows to actions."
Reported-by: Pravin Shelar
---
ofproto/ofproto-dpif.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/ofproto/ofproto-dpif.c b/ofproto/ofproto-dpif.c
index 36635fc67..8e5a86305 100644
--- a/ofproto/ofproto-dpif.c
+++ b/ofproto/ofproto-dpif.c
@@ -2207,8 +2207,10 @@ execute_odp_actions(struct ofproto_dpif *ofproto, const struct flow *flow,
 struct ofpbuf key;
 int error;
- if (odp_actions->nla_type == OVS_ACTION_ATTR_USERSPACE
- && NLA_ALIGN(odp_actions->nla_len) == actions_len) {
+ if (actions_len == 0) {
+ return true;
+ } else if (odp_actions->nla_type == OVS_ACTION_ATTR_USERSPACE
+ && NLA_ALIGN(odp_actions->nla_len) == actions_len) {
 struct user_action_cookie cookie;
 struct dpif_upcall upcall;
 uint64_t cookie_u64;
--
2.39.5
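Review bot: The new `actions_len == 0` guard stops the NULL dereference, but the `else if` still reads `odp_actions->nla_type` and `nla_len` for any nonzero length, including one shorter than an attribute header. If callers can ever pass such a length, bounding the read first would close that gap, e.g. `} else if (actions_len >= sizeof *odp_actions && odp_actions->nla_type == OVS_ACTION_ATTR_USERSPACE`. The precondition is also worth recording at the check: `/* 'odp_actions' may be NULL when 'actions_len' is 0. */`. The function body starts and ends outside this hunk, so it is worth confirming that the early `return true` releases anything the later return paths free.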