ofproto-dpif: Avoid bad pointer dereference in execute_odp_actions().

execute_odp_actions() can be passed a zero-length set of actions, in which case it may not dereference its 'odp_actions' parameter at all, but in fact it did do so. In at least one corner case, odp_actions can be NULL, so that this caused a segfault. Introduced in commit 98403001ec "datapath: Move Netlink PID for userspace actions from flows to actions." Reported-by: Pravin Shelar <pshelar@nicira.com>
author: Ben Pfaff <blp@nicira.com> 2011-10-13 10:16:59 -0700
committer: Ben Pfaff <blp@nicira.com> 2011-10-13 12:56:38 -0700
commit: b6bff4e9abaf2d9a53136854a733b7c4c5d4384e (patch)
tree: 6b9338d3e4e5d4452741987b9333eef128970a5c
parent: 077257b83c68a36ea86f2d21c8395f60df710c21 (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/ofproto/ofproto-dpif.c b/ofproto/ofproto-dpif.c
index 36635fc6..8e5a8630 100644
--- a/ofproto/ofproto-dpif.c
+++ b/ofproto/ofproto-dpif.c
@@ -2207,8 +2207,10 @@ execute_odp_actions(struct ofproto_dpif *ofproto, const struct flow *flow,
     struct ofpbuf key;
     int error;
 
-    if (odp_actions->nla_type == OVS_ACTION_ATTR_USERSPACE
-        && NLA_ALIGN(odp_actions->nla_len) == actions_len) {
+    if (actions_len == 0) {
+        return true;
+    } else if (odp_actions->nla_type == OVS_ACTION_ATTR_USERSPACE
+               && NLA_ALIGN(odp_actions->nla_len) == actions_len) {
         struct user_action_cookie cookie;
         struct dpif_upcall upcall;
         uint64_t cookie_u64;
author	Ben Pfaff <blp@nicira.com>	2011-10-13 10:16:59 -0700
committer	Ben Pfaff <blp@nicira.com>	2011-10-13 12:56:38 -0700
commit	b6bff4e9abaf2d9a53136854a733b7c4c5d4384e (patch)
tree	6b9338d3e4e5d4452741987b9333eef128970a5c
parent	077257b83c68a36ea86f2d21c8395f60df710c21 (diff)