Re: [ovs-dev] [PATCH v2] odp-util: Validate close-brace in scan_geneve and fix return values of san_xxx functions

[Ben Pfaff]

On Thu, Nov 01, 2018 at 10:33:03AM -0700, Yifeng Sun wrote:
> This patch adds validation of close-braces in scan_geneve. An simple
> example is "set(encap(tunnel(geneve({{". When scan_geneve returns,
> (struct geneve_scan *key)->len equals to 2*sizeof(struct geneve_opt).
> That seems not correct.
> 
> Found this issue while inspecting oss-fuzz
> https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11153.
> 
> In addition, SCAN_TYPE expects scan_XXX functions to return 0
> on errors. This patch inspects all related scan_XXX functions
> and fixes their return values.
> 
> Signed-off-by: Yifeng Sun 

Thanks, applied to master.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH v2] odp-util: Validate close-brace in scan_geneve and fix return values of san_xxx functions

[Yifeng Sun]

This patch adds validation of close-braces in scan_geneve. An simple
example is "set(encap(tunnel(geneve({{". When scan_geneve returns,
(struct geneve_scan *key)->len equals to 2*sizeof(struct geneve_opt).
That seems not correct.

Found this issue while inspecting oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11153.

In addition, SCAN_TYPE expects scan_XXX functions to return 0
on errors. This patch inspects all related scan_XXX functions
and fixes their return values.

Signed-off-by: Yifeng Sun 
---
v1->v2: Added example in commit message by Ben's suggestion.

 lib/odp-util.c | 20 +++-
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/lib/odp-util.c b/lib/odp-util.c
index 626a03b7686f..f50de7fd275c 100644
--- a/lib/odp-util.c
+++ b/lib/odp-util.c
@@ -4812,7 +4812,7 @@ scan_vxlan_gbp(const char *s, uint32_t *key, uint32_t 
*mask)
 s += 3;
 len = scan_be16(s, , mask ? _mask : NULL);
 if (len == 0) {
-return -EINVAL;
+return 0;
 }
 s += len;
 }
@@ -4824,7 +4824,7 @@ scan_vxlan_gbp(const char *s, uint32_t *key, uint32_t 
*mask)
 s += 6;
 len = scan_u8(s, , mask ? _mask : NULL);
 if (len == 0) {
-return -EINVAL;
+return 0;
 }
 s += len;
 }
@@ -4858,7 +4858,7 @@ scan_erspan_metadata(const char *s,
 s += 4;
 len = scan_u8(s, , mask ? _mask : NULL);
 if (len == 0) {
-return -EINVAL;
+return 0;
 }
 s += len;
 }
@@ -4872,7 +4872,7 @@ scan_erspan_metadata(const char *s,
 s += 4;
 len = scan_u32(s, , mask ? _mask : NULL);
 if (len == 0) {
-return -EINVAL;
+return 0;
 }
 s += len;
 }
@@ -4892,7 +4892,7 @@ scan_erspan_metadata(const char *s,
 s += 4;
 len = scan_u8(s, , mask ? _mask : NULL);
 if (len == 0) {
-return -EINVAL;
+return 0;
 }
 s += len;
 }
@@ -4903,7 +4903,7 @@ scan_erspan_metadata(const char *s,
 s += 5;
 len = scan_u8(s, , mask ? _mask : NULL);
 if (len == 0) {
-return -EINVAL;
+return 0;
 }
 s += len;
 }
@@ -4944,7 +4944,7 @@ scan_geneve(const char *s, struct geneve_scan *key, 
struct geneve_scan *mask)
 len = scan_be16(s, >opt_class,
 mask ? _mask->opt_class : NULL);
 if (len == 0) {
-return -EINVAL;
+return 0;
 }
 s += len;
 } else if (mask) {
@@ -4958,7 +4958,7 @@ scan_geneve(const char *s, struct geneve_scan *key, 
struct geneve_scan *mask)
 s += 5;
 len = scan_u8(s, >type, mask ? _mask->type : NULL);
 if (len == 0) {
-return -EINVAL;
+return 0;
 }
 s += len;
 } else if (mask) {
@@ -4973,7 +4973,7 @@ scan_geneve(const char *s, struct geneve_scan *key, 
struct geneve_scan *mask)
 s += 4;
 len = scan_u8(s, _len, mask ? _len_mask : NULL);
 if (len == 0) {
-return -EINVAL;
+return 0;
 }
 s += len;
 
@@ -5016,6 +5016,8 @@ scan_geneve(const char *s, struct geneve_scan *key, 
struct geneve_scan *mask)
 opt_mask += 1 + data_len / 4;
 }
 len_remain -= data_len;
+} else {
+return 0;
 }
 }
 
-- 
2.7.4

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev