Validate OpenFlow message length in header, to prevent controller receive loop DoS

When the controller receive loop currently accepts an OpenFlow
message, it does not validate the message length.  As a result, a
malicious or malfunctioning switch could cause send a message that
would result in the receive loop making no forward progress.

This patch ensures that the message length passed in the OpenFlow
message is validated against the specified minimum, and forced to that
value if it is smaller.

Thanks to Samuel Jero (at Purdue's Dependable and Secure Distributed
Systems Lab) for discovering this issue.

Signed-off-by: Victor J. Orlikowski <vjo@duke.edu>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>

0 files changed, 0 insertions, 0 deletions