File 0011-odp-util-Stop-parse-odp-actions-if-nlattr-... of Package openvswitch.10750

Overview Repositories Revisions Requests Users Attributes Meta

File 0011-odp-util-Stop-parse-odp-actions-if-nlattr-is-overflo.patch of Package openvswitch.10750

From e14786fade181032aa83c339ba859887733756a5 Mon Sep 17 00:00:00 2001
From: Yifeng Sun <pkusunyifeng@gmail.com>
Date: Fri, 1 Feb 2019 15:56:04 -0800
Subject: [PATCH 11/14] odp-util: Stop parse odp actions if nlattr is overflow

`encap = nl_msg_start_nested(key, OVS_KEY_ATTR_ENCAP)` ensures that
key->size >= (encap + NLA_HDRLEN), so the `if` statement is safe.

Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11306
Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
---
 lib/odp-util.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/odp-util.c b/lib/odp-util.c
index c71b0e4df..0b893aca4 100644
--- a/lib/odp-util.c
+++ b/lib/odp-util.c
@@ -3764,6 +3764,10 @@ parse_odp_key_mask_attr(const char *s, const struct simap *port_names,
             if (retval < 0) {
                 return retval;
             }
+
+            if (nl_attr_oversized(key->size - encap - NLA_HDRLEN)) {
+                return -E2BIG;
+            }
             s += retval;
         }
         s++;
-- 
2.21.0

Places

File 0011-odp-util-Stop-parse-odp-actions-if-nlattr-is-overflo.patch of Package openvswitch.10750

Places