diff mbox series

[ovs-dev] odp-util: Fix a null pointer dereference in odp_nsh_key_from_attr__()

Message ID 1630396278-36120-1-git-send-email-wangyunjian@huawei.com
State Accepted
Headers show
Series [ovs-dev] odp-util: Fix a null pointer dereference in odp_nsh_key_from_attr__() | expand

Checks

Context Check Description
ovsrobot/apply-robot success apply and check: success
ovsrobot/github-robot-_Build_and_Test success github build: passed
ovsrobot/apply-robot fail apply and check: fail

Commit Message

Yunjian Wang Aug. 31, 2021, 7:51 a.m. UTC 
This patch fixes (dereference after null check) coverity issue.
We should add null check of 'nsh_mask' to avoid passing NULL pointer
to memcpy() because the 'nsh_mask' maybe null.

Addresses-Coverity: ("Dereference after null check")
Fixes: 81fdabb94dd7 ("nsh: fix nested mask for OVS_KEY_ATTR_NSH")
Cc: Yi Yang <yi.y.yang@intel.com>
Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
---
 lib/odp-util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Aaron Conole Aug. 31, 2021, 7:14 p.m. UTC | #1 
Yunjian Wang <wangyunjian@huawei.com> writes:

> This patch fixes (dereference after null check) coverity issue.
> We should add null check of 'nsh_mask' to avoid passing NULL pointer
> to memcpy() because the 'nsh_mask' maybe null.
>
> Addresses-Coverity: ("Dereference after null check")
> Fixes: 81fdabb94dd7 ("nsh: fix nested mask for OVS_KEY_ATTR_NSH")
> Cc: Yi Yang <yi.y.yang@intel.com>
> Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
> ---

Good catch.

Acked-by: Aaron Conole <aconole@redhat.com>
Ilya Maximets Sept. 16, 2021, 12:54 a.m. UTC | #2 
On 8/31/21 21:14, Aaron Conole wrote:
> Yunjian Wang <wangyunjian@huawei.com> writes:
> 
>> This patch fixes (dereference after null check) coverity issue.
>> We should add null check of 'nsh_mask' to avoid passing NULL pointer
>> to memcpy() because the 'nsh_mask' maybe null.
>>
>> Addresses-Coverity: ("Dereference after null check")
>> Fixes: 81fdabb94dd7 ("nsh: fix nested mask for OVS_KEY_ATTR_NSH")
>> Cc: Yi Yang <yi.y.yang@intel.com>
>> Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
>> ---
> 
> Good catch.
> 
> Acked-by: Aaron Conole <aconole@redhat.com>

Thanks!  Applied and backported down to 2.12.

Best regards, Ilya Maximets.
diff mbox series

Patch

diff --git a/lib/odp-util.c b/lib/odp-util.c
index 7729a9060..9356bbf6e 100644
--- a/lib/odp-util.c
+++ b/lib/odp-util.c
@@ -2941,7 +2941,7 @@  odp_nsh_key_from_attr__(const struct nlattr *attr, bool is_mask,
             const struct ovs_nsh_key_md1 *md1 = nl_attr_get(a);
             has_md1 = true;
             memcpy(nsh->context, md1->context, sizeof md1->context);
-            if (len == 2 * sizeof(*md1)) {
+            if (nsh_mask && (len == 2 * sizeof(*md1))) {
                 const struct ovs_nsh_key_md1 *md1_mask = md1 + 1;
                 memcpy(nsh_mask->context, md1_mask->context,
                        sizeof(*md1_mask));