From e818f1b610551d2751786ec9c09bd25925fdf851 Mon Sep 17 00:00:00 2001
From: Ben Pfaff <blp@nicira.com>
Date: Thu, 8 Jan 2009 17:13:30 -0800
Subject: [PATCH] dpctl: Fix use-after-free in "probe" command.

Found by Chris Eagle via Fortify.
---
 utilities/dpctl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/utilities/dpctl.c b/utilities/dpctl.c
index 8fa0da850..923e04874 100644
--- a/utilities/dpctl.c
+++ b/utilities/dpctl.c
@@ -1124,7 +1124,7 @@ do_probe(const struct settings *s, int argc, char *argv[])
     make_openflow(sizeof(struct ofp_header), OFPT_ECHO_REQUEST, &request);
     open_vconn(argv[1], &vconn);
     run(vconn_transact(vconn, request, &reply), "talking to %s", argv[1]);
-    if (reply->size != request->size) {
+    if (reply->size != sizeof(struct ofp_header)) {
         ofp_fatal(0, "reply does not match request");
     }
     ofpbuf_delete(reply);
-- 
2.43.0