Commit 02c12c27 authored by Ben Pfaff's avatar Ben Pfaff

ofp-meter: Fix use-after-free for decoding meter mods.

ofputil_pull_bands() may change bands->data.

Found by libfuzzer-ngram.
Reported-by: default avatarBhargava Shastry <bshastry@sect.tu-berlin.de>
Signed-off-by: default avatarBen Pfaff <blp@ovn.org>
Reviewed-by: Yifeng Sun<pkusunyifeng@gmail.com>
parent bfe96bb0
......@@ -1831,12 +1831,12 @@ ofputil_decode_meter_mod(const struct ofp_header *oh,
mm->meter.flags & OFPMF13_PKTPS) {
return OFPERR_OFPMMFC_BAD_FLAGS;
}
mm->meter.bands = bands->data;
error = ofputil_pull_bands(&b, b.size, &mm->meter.n_bands, bands);
if (error) {
return error;
}
mm->meter.bands = bands->data;
}
return 0;
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment