Message ID | 1630396278-36120-1-git-send-email-wangyunjian@huawei.com |
---|---|
State | Accepted |
Headers | show |
Series | [ovs-dev] odp-util: Fix a null pointer dereference in odp_nsh_key_from_attr__() | expand |
Context | Check | Description |
---|---|---|
ovsrobot/apply-robot | success | apply and check: success |
ovsrobot/github-robot-_Build_and_Test | success | github build: passed |
ovsrobot/apply-robot | fail | apply and check: fail |
Yunjian Wang <wangyunjian@huawei.com> writes: > This patch fixes (dereference after null check) coverity issue. > We should add null check of 'nsh_mask' to avoid passing NULL pointer > to memcpy() because the 'nsh_mask' maybe null. > > Addresses-Coverity: ("Dereference after null check") > Fixes: 81fdabb94dd7 ("nsh: fix nested mask for OVS_KEY_ATTR_NSH") > Cc: Yi Yang <yi.y.yang@intel.com> > Signed-off-by: Yunjian Wang <wangyunjian@huawei.com> > --- Good catch. Acked-by: Aaron Conole <aconole@redhat.com>
On 8/31/21 21:14, Aaron Conole wrote: > Yunjian Wang <wangyunjian@huawei.com> writes: > >> This patch fixes (dereference after null check) coverity issue. >> We should add null check of 'nsh_mask' to avoid passing NULL pointer >> to memcpy() because the 'nsh_mask' maybe null. >> >> Addresses-Coverity: ("Dereference after null check") >> Fixes: 81fdabb94dd7 ("nsh: fix nested mask for OVS_KEY_ATTR_NSH") >> Cc: Yi Yang <yi.y.yang@intel.com> >> Signed-off-by: Yunjian Wang <wangyunjian@huawei.com> >> --- > > Good catch. > > Acked-by: Aaron Conole <aconole@redhat.com> Thanks! Applied and backported down to 2.12. Best regards, Ilya Maximets.
diff --git a/lib/odp-util.c b/lib/odp-util.c index 7729a9060..9356bbf6e 100644 --- a/lib/odp-util.c +++ b/lib/odp-util.c @@ -2941,7 +2941,7 @@ odp_nsh_key_from_attr__(const struct nlattr *attr, bool is_mask, const struct ovs_nsh_key_md1 *md1 = nl_attr_get(a); has_md1 = true; memcpy(nsh->context, md1->context, sizeof md1->context); - if (len == 2 * sizeof(*md1)) { + if (nsh_mask && (len == 2 * sizeof(*md1))) { const struct ovs_nsh_key_md1 *md1_mask = md1 + 1; memcpy(nsh_mask->context, md1_mask->context, sizeof(*md1_mask));
This patch fixes (dereference after null check) coverity issue. We should add null check of 'nsh_mask' to avoid passing NULL pointer to memcpy() because the 'nsh_mask' maybe null. Addresses-Coverity: ("Dereference after null check") Fixes: 81fdabb94dd7 ("nsh: fix nested mask for OVS_KEY_ATTR_NSH") Cc: Yi Yang <yi.y.yang@intel.com> Signed-off-by: Yunjian Wang <wangyunjian@huawei.com> --- lib/odp-util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)