The 'mask' buffer in parse_odp_action() is supposed to always be big
enough:
/* 'mask' is big enough to hold any key. */
Geneve options can be really big and the comment was wrong. This commit
fixes the problem.
Found by libfuzzer.
Reported-by: Bhargava Shastry <[email protected]>
Signed-off-by: Ben Pfaff <[email protected]>
---
lib/odp-util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/odp-util.c b/lib/odp-util.c
index 45a890c46aa0..13880b0749ee 100644
--- a/lib/odp-util.c
+++ b/lib/odp-util.c
@@ -1962,7 +1962,7 @@ parse_odp_action(const char *s, const struct simap
*port_names,
if (!strncmp(s, "set(", 4)) {
size_t start_ofs;
int retval;
- struct nlattr mask[128 / sizeof(struct nlattr)];
+ struct nlattr mask[1024 / sizeof(struct nlattr)];
struct ofpbuf maskbuf;
struct nlattr *nested, *key;
size_t size;
--
2.10.2
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
