Re: [ovs-dev] [PATCH] odp-util: Validate values of vid and pcp in push_vlan action

[Ben Pfaff]

On Tue, Nov 27, 2018 at 04:10:12PM -0800, Yifeng Sun wrote:
> Oss-fuzz complains that 'vid << VLAN_VID_SHIFT' is causing an error of
> "Undefined-shift in parse_odp_action". This is because an invalid
> value of vid is passed in push_vlan. This patch adds validation to
> the value of vid, in addition to the value of pcp.
> 
> Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11520
> Signed-off-by: Yifeng Sun 

Thanks, applied to master.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH] odp-util: Validate values of vid and pcp in push_vlan action

[Yifeng Sun]

Oss-fuzz complains that 'vid << VLAN_VID_SHIFT' is causing an error of
"Undefined-shift in parse_odp_action". This is because an invalid
value of vid is passed in push_vlan. This patch adds validation to
the value of vid, in addition to the value of pcp.

Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11520
Signed-off-by: Yifeng Sun 
---
 lib/odp-util.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/lib/odp-util.c b/lib/odp-util.c
index bb6669b37af9..1e8c5f194793 100644
--- a/lib/odp-util.c
+++ b/lib/odp-util.c
@@ -2282,6 +2282,10 @@ parse_odp_action(const char *s, const struct simap 
*port_names,
 , , , )
 || ovs_scan(s, "push_vlan(tpid=%i,vid=%i,pcp=%i,cfi=%i)%n",
 , , , , )) {
+if ((vid & ~(VLAN_VID_MASK >> VLAN_VID_SHIFT)) != 0
+|| (pcp & ~(VLAN_PCP_MASK >> VLAN_PCP_SHIFT)) != 0) {
+return -EINVAL;
+}
 push.vlan_tpid = htons(tpid);
 push.vlan_tci = htons((vid << VLAN_VID_SHIFT)
   | (pcp << VLAN_PCP_SHIFT)
-- 
2.7.4

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev