Ilya Maximets <[email protected]> writes:

> On 12/20/22 15:36, Aaron Conole wrote:
>> The OVS LLDP implementation includes support for AutoAttach standard, which
>> the 'upstream' lldpd project does not include. As part of adding this
>> support, the message parsing for these TLVs did not include proper length
>> checks for the LLDP_TLV_AA_ELEMENT_SUBTYPE and the
>> LLDP_TLV_AA_ISID_VLAN_ASGNS_SUBTYPE elements. The result is that a message
>> without a proper boundary will cause an overread of memory, and lead to
>> undefined results, including crashes or other unidentified behavior.
>>
>> The fix is to introduce proper bounds checking for these elements. Introduce
>> a unit test to ensure that we have some proper rejection in this code
>> base in the future.
>>
>> Fixes: be53a5c447c3 ("auto-attach: Initial support for Auto-Attach standard")
>> Signed-off-by: Qian Chen <[email protected]>
>> Co-authored-by: Aaron Conole <[email protected]>
>> Signed-off-by: Aaron Conole <[email protected]>
>> ---
>> NOTES: This bug is publicly known and disclosed at
>> https://github.com/openvswitch/ovs/pull/405 which makes this mostly
>> a repost.
>> v2: Convert from system traffic test to a basic unit test
>>
>>  lib/lldp/lldp.c       |  2 ++
>>  tests/ofproto-dpif.at | 19 +++++++++++++++++++
>>  2 files changed, 21 insertions(+)
>
> Thanks! I fixed the authorship that changed between the versions
> for some reason and applied the fix. Backported down to 2.13.
Thanks - not sure how that happened.

> Best regards, Ilya Maximets.
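The kind of length check the quoted commit message describes, as an added example that is not part of the original thread and is not the OVS code: a walker over LLDP TLVs (7-bit type, 9-bit length) that rejects an organizationally specific TLV whose declared length is shorter than the fields its subtype handler would read. The function names, subtypes 1 and 2, their payload sizes and the sample frame are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define TLV_END 0   /* End of LLDPDU */
#define TLV_ORG 127 /* organizationally specific TLV */
#define ORG_HDR 4   /* 3-byte OUI + 1-byte subtype */

/* Bytes a subtype handler reads unconditionally. Subtypes 1 and 2 and
 * their sizes are constructed for this example, not OVS values. */
static size_t fixed_payload_for(uint8_t subtype)
{
    return subtype == 1 ? 6 : subtype == 2 ? 4 : 0;
}

/* Returns the number of TLVs accepted before End of LLDPDU (or the end
 * of the buffer), or -1 as soon as one TLV is malformed. */
int lldp_validate(const uint8_t *buf, size_t len)
{
    int accepted = 0;
    size_t off = 0;
    while (len - off >= 2) {
        unsigned type = buf[off] >> 1;  /* 7-bit type, 9-bit length */
        size_t tlv_len = ((size_t)(buf[off] & 1) << 8) | buf[off + 1];
        const uint8_t *val = buf + off + 2;
        if (tlv_len > len - off - 2)
            return -1;  /* declared length runs past the frame */
        if (type == TLV_END)
            return accepted;
        if (type == TLV_ORG) {
            if (tlv_len < ORG_HDR)
                return -1;  /* no room for OUI + subtype */
            if (tlv_len - ORG_HDR < fixed_payload_for(val[3]))
                return -1;  /* shorter than the fields the handler reads */
        }
        accepted++;
        off += 2 + tlv_len;
    }
    return off == len ? accepted : -1;  /* a stray trailing byte is malformed */
}

/* Constructed frame: subtype 1 declares 2 payload bytes, handler needs 6. */
static const uint8_t short_tlv[] = { 0xfe, 0x06, 0xaa, 0xbb, 0xcc, 0x01,
                                     0x00, 0x00, 0x00, 0x00 };

int main(void)
{
    printf("short_tlv -> %d\n", lldp_validate(short_tlv, sizeof short_tlv));
    return 0;
}
```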
