openflow updated
@@ -256,19 +256,37 @@ handle_ofpmsg_flow_stats(struct ofp_buffer *ofpbuf)
|
||||
{
|
||||
int i = 0, reply_len = 0, flow_stats_offset;
|
||||
struct ofp_flow_stats *current_flow_stats = NULL;
|
||||
struct ofp_flow_stats *flow_stats_ptr = NULL;
|
||||
struct ofp_buffer *reply_buffer = NULL;
|
||||
struct ofp_multipart *multipart_reply = NULL;
|
||||
uint16_t flow_length = 0;
|
||||
|
||||
// 计算长度
|
||||
for (; i < FAST_RULE_CNT; i++) {
|
||||
for (i = 0; i < FAST_RULE_CNT; i++) {
|
||||
if (flow_stats_addr[i] != 0) {
|
||||
reply_len += ntohs(((struct ofp_flow_stats *)flow_stats_addr[i])->length);
|
||||
flow_stats_ptr = (struct ofp_flow_stats *)flow_stats_addr[i];
|
||||
// 添加空指针检查和长度有效性检查
|
||||
if (flow_stats_ptr == NULL) {
|
||||
continue;
|
||||
}
|
||||
flow_length = ntohs(flow_stats_ptr->length);
|
||||
// 检查长度是否合理(至少应该包含 ofp_flow_stats 结构体大小)
|
||||
if (flow_length < sizeof(struct ofp_flow_stats) || flow_length > 65535) {
|
||||
printf("Warning: Invalid flow stats length %d at index %d\n", flow_length, i);
|
||||
continue;
|
||||
}
|
||||
reply_len += flow_length;
|
||||
}
|
||||
}
|
||||
reply_len += sizeof(struct ofp_header) + sizeof(struct ofp_multipart);
|
||||
|
||||
// 构造响应包
|
||||
reply_buffer = (struct ofp_buffer *)build_opfmsg_reply_ofpbuf(OFPT_MULTIPART_REPLY, ofpbuf->header.xid, reply_len);
|
||||
if (reply_buffer == NULL) {
|
||||
printf("Error: Failed to allocate reply buffer\n");
|
||||
return HANDLE;
|
||||
}
|
||||
|
||||
multipart_reply = (struct ofp_multipart *)reply_buffer->data;
|
||||
multipart_reply->type = htons(OFPMP_FLOW); // 标识信息
|
||||
multipart_reply->flags = htonl(OFPMP_REPLY_MORE_NO); //这条不用回
|
||||
@@ -279,8 +297,23 @@ handle_ofpmsg_flow_stats(struct ofp_buffer *ofpbuf)
|
||||
|
||||
for (i = 0; i < FAST_RULE_CNT; i++) {
|
||||
if (flow_stats_addr[i] != 0) {
|
||||
memcpy(current_flow_stats, (void *)(uintptr_t)flow_stats_addr[i], ntohs(((struct ofp_flow_stats *)flow_stats_addr[i])->length));
|
||||
flow_stats_offset += ntohs(current_flow_stats->length);
|
||||
flow_stats_ptr = (struct ofp_flow_stats *)flow_stats_addr[i];
|
||||
// 添加空指针检查
|
||||
if (flow_stats_ptr == NULL) {
|
||||
continue;
|
||||
}
|
||||
flow_length = ntohs(flow_stats_ptr->length);
|
||||
// 再次检查长度有效性
|
||||
if (flow_length < sizeof(struct ofp_flow_stats) || flow_length > 65535) {
|
||||
continue;
|
||||
}
|
||||
// 检查是否会超出缓冲区边界
|
||||
if (flow_stats_offset + flow_length > reply_len) {
|
||||
printf("Error: Buffer overflow prevented at index %d\n", i);
|
||||
break;
|
||||
}
|
||||
memcpy(current_flow_stats, (void *)flow_stats_ptr, flow_length);
|
||||
flow_stats_offset += flow_length;
|
||||
current_flow_stats = (struct ofp_flow_stats *)&reply_buffer->data[flow_stats_offset];
|
||||
}
|
||||
}
|
||||
|
||||
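Review bot: The new overflow guard in the copy loop, `if (flow_stats_offset + flow_length > reply_len)`, appears to compare an offset into `reply_buffer->data` against the length of the whole message, which would make it too loose by the header size. `reply_len` includes `sizeof(struct ofp_header)`, while `multipart_reply` is placed at the start of `reply_buffer->data`, which suggests `data` begins after the header; if so, the limit should be `reply_len - (int)sizeof(struct ofp_header)`. The initialisation of `flow_stats_offset` lies between the two hunks and the function continues past the second one, so confirm its starting value before changing the bound. Separately, `flow_length > 65535` can never be true for a `uint16_t` in either loop, so the only effective validation is the lower bound. Because the lengths are re-read from `flow_stats_addr[i]` in the second pass, an entry skipped by `continue` or cut off by `break` leaves the tail of the reply unfilled while the message was presumably sized for `reply_len`; shrink the reported length to the final `flow_stats_offset` or zero the buffer before it is sent.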
Binary file not shown.