On 12/20/22 15:36, Aaron Conole wrote:
> The OVS LLDP implementation includes support for AutoAttach standard, which
> the 'upstream' lldpd project does not include. As part of adding this
> support, the message parsing for these TLVs did not include proper length
> checks for the LLDP_TLV_AA_ELEMENT_SUBTYPE and the
> LLDP_TLV_AA_ISID_VLAN_ASGNS_SUBTYPE elements. The result is that a message
> without a proper boundary will cause an overread of memory, and lead to
> undefined results, including crashes or other unidentified behavior.
>
> The fix is to introduce proper bounds checking for these elements. Introduce
> a unit test to ensure that we have some proper rejection in this code
> base in the future.
>
> Fixes: be53a5c447c3 ("auto-attach: Initial support for Auto-Attach standard")
> Signed-off-by: Qian Chen <[email protected]>
> Co-authored-by: Aaron Conole <[email protected]>
> Signed-off-by: Aaron Conole <[email protected]>
> ---
> NOTES: This bug is publicly known and disclosed at
> https://github.com/openvswitch/ovs/pull/405 which makes this mostly
> a repost.
> v2: Convert from system traffic test to a basic unit test
>
> lib/lldp/lldp.c | 2 ++
> tests/ofproto-dpif.at | 19 +++++++++++++++++++
> 2 files changed, 21 insertions(+)

Thanks! I fixed the authorship that changed between the versions
for some reason and applied the fix. Backported down to 2.13.

Best regards, Ilya Maximets.
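
An added illustration of the kind of per-subtype length check the commit message describes. This is not code from the OVS patch or from lldpd. The subtype number, the field sizes, the struct and all function names are constructed assumptions; only the 2-byte LLDP TLV header (7-bit type, 9-bit length) and the OUI plus subtype prefix of type 127 follow the LLDP format.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed layout for illustration; sizes are assumptions, not OVS values. */
#define ORG_HDR_LEN  4    /* 3-byte OUI + 1-byte subtype */
#define DIGEST_LEN   32   /* assumed fixed-size field at the start of the payload */
#define SUBTYPE_ELEM 1    /* hypothetical subtype number */

struct elem { uint8_t digest[DIGEST_LEN]; uint32_t word; };

/* Parse one organizationally specific TLV starting at buf[0].
 * Returns 0 on success, -1 when a declared or required length does not fit. */
int parse_org_tlv(const uint8_t *buf, size_t len, struct elem *out)
{
    if (len < 2) return -1;                       /* TLV header itself */
    unsigned type = buf[0] >> 1;
    size_t tlv_len = ((size_t)(buf[0] & 1) << 8) | buf[1];
    if (type != 127) return -1;
    if (tlv_len > len - 2) return -1;             /* declared length vs. frame */
    if (tlv_len < ORG_HDR_LEN) return -1;         /* room for OUI + subtype */
    if (buf[5] != SUBTYPE_ELEM) return -1;

    const uint8_t *p = buf + 2 + ORG_HDR_LEN;
    size_t remaining = tlv_len - ORG_HDR_LEN;
    /* Per-subtype check: the fixed fields must fit inside what the TLV
     * declared. Without it, the memcpy below reads past a short TLV. */
    if (remaining < DIGEST_LEN + 4) return -1;

    memcpy(out->digest, p, DIGEST_LEN);
    out->word = (uint32_t)p[DIGEST_LEN] << 24 | (uint32_t)p[DIGEST_LEN + 1] << 16
              | (uint32_t)p[DIGEST_LEN + 2] << 8 | p[DIGEST_LEN + 3];
    return 0;
}

/* Build a constructed sample TLV with `payload` bytes after OUI + subtype. */
static size_t build(uint8_t *f, size_t payload)
{
    size_t tlv_len = ORG_HDR_LEN + payload;
    memset(f, 0, 2 + tlv_len);
    f[0] = (uint8_t)((127u << 1) | (tlv_len >> 8));
    f[1] = (uint8_t)tlv_len;
    f[5] = SUBTYPE_ELEM;
    return 2 + tlv_len;
}

/* Truncated TLV: only 8 payload bytes where 36 are required. */
int demo_truncated(void) { uint8_t f[64]; struct elem e; return parse_org_tlv(f, build(f, 8), &e); }
/* Well-formed TLV with the full fixed-size payload. */
int demo_ok(void) { uint8_t f[64]; struct elem e; return parse_org_tlv(f, build(f, DIGEST_LEN + 4), &e); }
```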