On 2/19/2019 10:55 AM, Toms Atteka wrote:
If large enough input is passed to odp_actions_from_string it can
cause a netlink attribute to overflow.
A check for buffer size was added to prevent entering this function
and to return an appropriate error code.

Basic manual testing was performed.

Reported-by:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12231
Signed-off-by: Toms Atteka <[email protected]>
---
  lib/odp-util.c | 4 ++++
  1 file changed, 4 insertions(+)

diff --git a/lib/odp-util.c b/lib/odp-util.c
index e893f46..e288ae8 100644
--- a/lib/odp-util.c
+++ b/lib/odp-util.c
@@ -2161,6 +2161,10 @@ parse_action_list(const char *s, const struct simap 
*port_names,
          n += retval;
      }
+ if (actions->size > UINT16_MAX) {
+        return -EFBIG;
+    }
+
      return n;
  }
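Review bot: the new size check sits after the parsing loop, just before `return n;`, so when it returns -EFBIG everything parsed has already been appended to `actions` and the buffer is still larger than UINT16_MAX. Either test the size inside the loop right after `n += retval;` so parsing stops as soon as the limit is crossed, or add a comment stating that callers must discard `actions` on a negative return. A short comment tying UINT16_MAX to the netlink attribute overflow named in the commit message would also help, and the `if` line is indented by one space while its closing brace sits at four.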
Hi Toms,

Thanks for the patch.  Question though, why EFBIG instead of E2BIG? This would appear to be a situation in which too many arguments are sent (E2BIG) but then maybe it is from a file (EFBIG)?

Also, I see this is a version 3 of this patch?  What changed from version 1 to version 3?  Commonly the changes from each version of a patch are posted beneath the git separator '---'.  Like below...

Thanks,

- Greg

Signed-off-by: Martin Xu <[email protected]>
CC: Flavio Leitner <[email protected]>
CC: Yi-Hung Wei <[email protected]>
CC: Yifeng Sun <[email protected]>
CC: Zak Whittington <[email protected]>
CC: Ben Pfaff <[email protected]>
---
v1->v2: adds "Obsoletes" tag needed for upgrade after renaming
        adds more reviewers



