From: Andy Zhou <azhou@nicira.com>
Date: Thu, 12 Jun 2014 20:19:25 +0000 (-0700)
Subject: datapath:  avoid memory corruption in queue_userspace_packet()
X-Git-Tag: v2.4.0~1982
X-Git-Url: http://git.cascardo.eti.br/?a=commitdiff_plain;h=9a621f8274178f18d1ab8be7bc7db661c1f70104;p=cascardo%2Fovs.git

datapath:  avoid memory corruption in queue_userspace_packet()

In queue_userspace_packet(), the ovs_nla_put_flow return value is
not checked. This is fine as long as key_attr_size() returns the
correct value. In case it does not, the current code may corrupt buffer
memory. Add a run time assertion catch this case to avoid silent
failure.

Reported-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
---

diff --git a/datapath/datapath.c b/datapath/datapath.c
index 1d2f414f1..a4d6473e6 100644
--- a/datapath/datapath.c
+++ b/datapath/datapath.c
@@ -487,7 +487,8 @@ static int queue_userspace_packet(struct datapath *dp, struct sk_buff *skb,
 	upcall->dp_ifindex = dp_ifindex;
 
 	nla = nla_nest_start(user_skb, OVS_PACKET_ATTR_KEY);
-	ovs_nla_put_flow(upcall_info->key, upcall_info->key, user_skb);
+	err = ovs_nla_put_flow(upcall_info->key, upcall_info->key, user_skb);
+	BUG_ON(err);
 	nla_nest_end(user_skb, nla);
 
 	if (upcall_info->userdata)