From 6a5d4138d6317922fd3386f096ff45f08cdc9544 Mon Sep 17 00:00:00 2001 From: Jean Tourrilhes Date: Thu, 8 Oct 2009 10:39:49 -0700 Subject: [PATCH] ovs-ofctl: Fix use-after-free error in mod-flows command. --- utilities/ovs-ofctl.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/utilities/ovs-ofctl.c b/utilities/ovs-ofctl.c index 04a869a2f..761141597 100644 --- a/utilities/ovs-ofctl.c +++ b/utilities/ovs-ofctl.c @@ -916,11 +916,15 @@ do_mod_flows(const struct settings *s, int argc UNUSED, char *argv[]) struct vconn *vconn; struct ofpbuf *buffer; struct ofp_flow_mod *ofm; + struct ofp_match match; - /* Parse and send. */ - ofm = make_openflow(sizeof *ofm, OFPT_FLOW_MOD, &buffer); - str_to_flow(argv[2], &ofm->match, buffer, + /* Parse and send. str_to_flow() will expand and reallocate the data in + * 'buffer', so we can't keep pointers to across the str_to_flow() call. */ + make_openflow(sizeof *ofm, OFPT_FLOW_MOD, &buffer); + str_to_flow(argv[2], &match, buffer, NULL, NULL, &priority, &idle_timeout, &hard_timeout); + ofm = buffer->data; + ofm->match = match; if (s->strict) { ofm->command = htons(OFPFC_MODIFY_STRICT); } else { -- 2.43.0