If enough large input is passed to odp_actions_from_string it can cause netlink attribute to overflow. Check for buffer size was added to prevent entering this function and returning appropriate error code.
Basic manual testing was performed. Reported-by: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12231 Signed-off-by: Toms Atteka <[email protected]> --- lib/odp-util.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/odp-util.c b/lib/odp-util.c index e893f46..e288ae8 100644 --- a/lib/odp-util.c +++ b/lib/odp-util.c @@ -2161,6 +2161,10 @@ parse_action_list(const char *s, const struct simap *port_names, n += retval; } + if (actions->size > UINT16_MAX) { + return -EFBIG; + } + return n; } -- 2.7.4 _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
