Dumitru Ceara <[email protected]> writes:

> Some openflow actions can be misaligned, e.g., actions within OF 1.0
> replies to statistics reply messages which have a header of 12 bytes
> and no additional padding.
>
> Also, buggy controllers might incorrectly encode actions.
>
> When decoding multiple actions in ofpacts_decode(), make sure that
> when advancing to the next action it will be properly aligned
> (multiple of OFPACT_ALIGNTO).
>
> Detected by UB Sanitizer when running one of the fuzz tests:
> lib/ofp-actions.c:5347:12: runtime error: member access within misaligned
> address 0x0000016ba274 for type 'const struct nx_action_learn', which
> requires 8 byte alignment
> 0x0000016ba274: note: pointer points here
> 20 20 20 20 ff ff 00 38 00 00 23 20 00 10 20 20 20 20 20 20 20 20 20 20
> 20 20 20 20 00 03 20 00
> ^
> #0 0x52cece in decode_LEARN_common lib/ofp-actions.c:5347
> #1 0x52dcf6 in decode_NXAST_RAW_LEARN lib/ofp-actions.c:5463
> #2 0x548604 in ofpact_decode lib/ofp-actions.inc2:4723
> #3 0x53ee43 in ofpacts_decode lib/ofp-actions.c:7781
> #4 0x53efc1 in ofpacts_pull_openflow_actions__ lib/ofp-actions.c:7820
> #5 0x5409e1 in ofpacts_pull_openflow_instructions lib/ofp-actions.c:8396
> #6 0x5608a8 in ofputil_decode_flow_stats_reply lib/ofp-flow.c:1100
>
> Acked-by: Adrian Moreno <[email protected]>
> Signed-off-by: Dumitru Ceara <[email protected]>
> ---

Acked-by: Aaron Conole <[email protected]>
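
The misalignment described in the quoted commit message (actions that follow a 12-byte header start 4 bytes off an 8-byte boundary) can be reproduced and decoded safely in a few lines. This is an added example, not code from the patch or from Open vSwitch: `struct toy_action`, `TOY_ALIGNTO` and both functions are hypothetical, and it copies each action into an aligned local struct before any member access, which is one alignment-safe approach and not necessarily what the patch does.

```c
#include <stdalign.h>
#include <stdint.h>
#include <string.h>

#define TOY_ALIGNTO 8   /* assumed alignment unit; stands in for OFPACT_ALIGNTO */

/* Hypothetical action layout; the 64-bit member makes the struct 8-byte aligned. */
struct toy_action {
    uint8_t  type[2];
    uint8_t  len[2];    /* big-endian total length in bytes */
    uint8_t  pad[4];
    uint64_t cookie;    /* host byte order here, to keep the example short */
};

/* Walk the actions in buf[0..size). Returns the number decoded, or -1 if a
 * length is too short, not a multiple of TOY_ALIGNTO, or runs past the end.
 * *misaligned counts actions that started off an 8-byte boundary. */
int toy_decode_actions(const uint8_t *buf, size_t size,
                       uint64_t *cookie_sum, int *misaligned)
{
    int n = 0;
    *cookie_sum = 0;
    *misaligned = 0;
    while (size > 0) {
        struct toy_action a;            /* aligned local copy */
        if (size < sizeof a) return -1;
        if ((uintptr_t) buf % TOY_ALIGNTO) (*misaligned)++;
        memcpy(&a, buf, sizeof a);      /* never dereference buf as a struct */
        size_t len = (size_t) a.len[0] << 8 | a.len[1];
        if (len < sizeof a || len % TOY_ALIGNTO || len > size) return -1;
        *cookie_sum += a.cookie;
        buf += len;
        size -= len;
        n++;
    }
    return n;
}

/* Constructed sample: hdr_len header bytes, then two 16-byte actions. */
int toy_run_sample(size_t hdr_len, uint64_t *cookie_sum, int *misaligned)
{
    static alignas(8) uint8_t msg[64];
    struct toy_action a = { .len = { 0, 16 }, .cookie = 0x1122334455667788ULL };
    memset(msg, 0x20, sizeof msg);
    memcpy(msg + hdr_len, &a, sizeof a);
    a.cookie = 1;
    memcpy(msg + hdr_len + 16, &a, sizeof a);
    return toy_decode_actions(msg + hdr_len, 32, cookie_sum, misaligned);
}
```

With a 12-byte header both actions are flagged as misaligned yet decode correctly; with a 16-byte header none are flagged.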
