Re: [PATCH] openvswitch: fix OOB access in reserve_sfa_size()

15 Apr 2022


      Hello:
This patch was applied to netdev/net.git (master)
by David S. Miller davem@davemloft.net:
On Fri, 15 Apr 2022 10:08:41 +0200 you wrote:
...
Given a sufficiently large number of actions, while copying and
reserving memory for a new action of a new flow, if next_offset is
greater than MAX_ACTIONS_BUFSIZE, the function reserve_sfa_size() does
not return -EMSGSIZE as expected, but it allocates MAX_ACTIONS_BUFSIZE
bytes increasing actions_len by req_size. This can then lead to an OOB
write access, especially when further actions need to be copied.
[...]
Here is the summary with links:
  - openvswitch: fix OOB access in reserve_sfa_size()
    https://git.kernel.org/netdev/net/c/cefa91b2332d
You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html

2025

2024

2023

2022

2021

2020

2019

2018

2017

Re: [PATCH] openvswitch: fix OOB access in reserve_sfa_size()