flow: Fix wild pointer dereference in flow_compose().

The 'ip' variable in flow_compose() points to some memory allocated in an ofpbuf. The ofpbuf is modified without making the necessary updates to the location of 'ip' causing a potential wild memory access. Found by inspection. Signed-off-by: Ethan Jackson <ethan@nicira.com>
author: Ethan Jackson <ethan@nicira.com> 2012-08-01 13:01:01 -0700
committer: Ethan Jackson <ethan@nicira.com> 2012-08-01 13:48:06 -0700
commit: 77c988b634c13aaba2d716a7d5d774d5fea9b2f4 (patch)
tree: 2c6665e481f4a81d469812d8b8e3a2b2022d2737
parent: 9bb9fa77d06edc090f304fd92856ca378758889d (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/flow.c b/lib/flow.c
index fc616106..fa4f5d55 100644
--- a/lib/flow.c
+++ b/lib/flow.c
@@ -1080,6 +1080,7 @@ flow_compose(struct ofpbuf *b, const struct flow *flow)
             }
         }
 
+        ip = b->l3;
         ip->ip_tot_len = htons((uint8_t *) b->data + b->size
                                - (uint8_t *) b->l3);
     } else if (flow->dl_type == htons(ETH_TYPE_IPV6)) {
author	Ethan Jackson <ethan@nicira.com>	2012-08-01 13:01:01 -0700
committer	Ethan Jackson <ethan@nicira.com>	2012-08-01 13:48:06 -0700
commit	77c988b634c13aaba2d716a7d5d774d5fea9b2f4 (patch)
tree	2c6665e481f4a81d469812d8b8e3a2b2022d2737
parent	9bb9fa77d06edc090f304fd92856ca378758889d (diff)