From: Ben Pfaff <blp@nicira.com>
Date: Fri, 9 Jan 2009 01:13:30 +0000 (-0800)
Subject: dpctl: Fix use-after-free in "probe" command.
X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=e818f1b610551d2751786ec9c09bd25925fdf851;p=sliver-openvswitch.git

dpctl: Fix use-after-free in "probe" command.

Found by Chris Eagle via Fortify.
---

diff --git a/utilities/dpctl.c b/utilities/dpctl.c
index 8fa0da850..923e04874 100644
--- a/utilities/dpctl.c
+++ b/utilities/dpctl.c
@@ -1124,7 +1124,7 @@ do_probe(const struct settings *s, int argc, char *argv[])
     make_openflow(sizeof(struct ofp_header), OFPT_ECHO_REQUEST, &request);
     open_vconn(argv[1], &vconn);
     run(vconn_transact(vconn, request, &reply), "talking to %s", argv[1]);
-    if (reply->size != request->size) {
+    if (reply->size != sizeof(struct ofp_header)) {
         ofp_fatal(0, "reply does not match request");
     }
     ofpbuf_delete(reply);