openvswitch: Fix CVE-2017-9263

Backport patch file to fix CVE-2017-9263 Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
author: Fan Xin <fan.xin@jp.fujitsu.com> 2017-06-09 14:50:47 +0900
committer: Bruce Ashfield <bruce.ashfield@windriver.com> 2017-06-13 18:26:15 -0400
commit: 3c427eafce21c615d5da76f261329497f7fcfeac (patch)
tree: dec5ff9cbe5a2093953b603a42855859b4e46cf4 /recipes-networking/openvswitch/openvswitch-git
parent: 3e1d16db4aa3a76aa4086de49f3b62337c7f4efa (diff)
download: meta-virtualization-3c427eafce21c615d5da76f261329497f7fcfeac.tar.gz
1 files changed, 29 insertions, 0 deletions
diff --git a/recipes-networking/openvswitch/openvswitch-git/CVE-2017-9263.patch b/recipes-networking/openvswitch/openvswitch-git/CVE-2017-9263.patch
new file mode 100644
index 00000000..0fc3aa1a
--- /dev/null
+++ b/recipes-networking/openvswitch/openvswitch-git/CVE-2017-9263.patch
@@ -0,0 +1,29 @@
+A buggy or malicious switch could send a role status message with a bad
+reason code, which if printed by OVS would cause it to abort.  This fixes
+the problem.
+CVE: CVE-2017-9263
+Upstream-Status: Submitted
+Reported-by: Bhargava Shastry <bshastry at sec.t-labs.tu-berlin.de>
+Signed-off-by: Ben Pfaff <blp at ovn.org>
+---
+ lib/ofp-print.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+diff --git a/lib/ofp-print.c b/lib/ofp-print.c
+index 7ca953100539..1932baf4871f 100644
+--- a/lib/ofp-print.c
+++ b/lib/ofp-print.c
+@@ -2147,7 +2147,8 @@ ofp_print_role_status_message(struct ds *string, const struct ofp_header *oh)
+         break;
+     case OFPCRR_N_REASONS:
+     default:
+-        OVS_NOT_REACHED();
+        ds_put_cstr(string, "(unknown)");
+        break;
+     }
+ }
+ 
+-- 
+2.10.2
author	Fan Xin <fan.xin@jp.fujitsu.com>	2017-06-09 14:50:47 +0900
committer	Bruce Ashfield <bruce.ashfield@windriver.com>	2017-06-13 18:26:15 -0400
commit	3c427eafce21c615d5da76f261329497f7fcfeac (patch)
tree	dec5ff9cbe5a2093953b603a42855859b4e46cf4 /recipes-networking/openvswitch/openvswitch-git
parent	3e1d16db4aa3a76aa4086de49f3b62337c7f4efa (diff)
download	meta-virtualization-3c427eafce21c615d5da76f261329497f7fcfeac.tar.gz

diff --git a/recipes-networking/openvswitch/openvswitch-git/CVE-2017-9263.patch b/recipes-networking/openvswitch/openvswitch-git/CVE-2017-9263.patch new file mode 100644 index 00000000..0fc3aa1a --- /dev/null +++ b/recipes-networking/openvswitch/openvswitch-git/CVE-2017-9263.patch
@@ -0,0 +1,29 @@
	1	A buggy or malicious switch could send a role status message with a bad
	2	reason code, which if printed by OVS would cause it to abort. This fixes
	3	the problem.
	4
	5	CVE: CVE-2017-9263
	6	Upstream-Status: Submitted
	7
	8	Reported-by: Bhargava Shastry <bshastry at sec.t-labs.tu-berlin.de>
	9	Signed-off-by: Ben Pfaff <blp at ovn.org>
	10	---
	11	lib/ofp-print.c \| 3 ++-
	12	1 file changed, 2 insertions(+), 1 deletion(-)
	13
	14	diff --git a/lib/ofp-print.c b/lib/ofp-print.c
	15	index 7ca953100539..1932baf4871f 100644
	16	--- a/lib/ofp-print.c
	17	+++ b/lib/ofp-print.c
	18	@@ -2147,7 +2147,8 @@ ofp_print_role_status_message(struct ds string, const struct ofp_header oh)
	19	break;
	20	case OFPCRR_N_REASONS:
	21	default:
	22	- OVS_NOT_REACHED();
	23	+ ds_put_cstr(string, "(unknown)");
	24	+ break;
	25	}
	26	}
	27
	28	--
	29	2.10.2