If enough large input is passed to odp_actions_from_string it can cause netlink attribute to overflow. ovs_assert was added just before the problematic code so it could be debugged faster in similar cases if they would arise. Check for buffer size was added to prevent entering this function and returning appropriate error code.
Basic manual testing was performed. Reported-by: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12231 Signed-off-by: Toms Atteka <[email protected]> --- lib/odp-util.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/odp-util.c b/lib/odp-util.c index e893f46..e288ae8 100644 --- a/lib/odp-util.c +++ b/lib/odp-util.c @@ -2161,6 +2161,10 @@ parse_action_list(const char *s, const struct simap *port_names, n += retval; } + if (actions->size > UINT16_MAX) { + return -EFBIG; + } + return n; } -- 2.7.4 _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
