[ovs-dev] ossfuzz: Remove duplicate tcp flags parsing in flow extract target

Message ID 20190621125035.17458-1-bshas3@gmail.com
State New

Commit Message

bshas3@gmail.com June 21, 2019, 12:50 p.m. UTC
From: Bhargava Shastry <bshas3@gmail.com>

During a code audit, the flow extraction fuzzer target was seen to be
parsing tcp flags from the fuzzer supplied input twice. This is
probably a typo since the second call to `parse_tcp_flags()` is
identical to the first.
Since a call to `parse_tcp_flags()` parses the Ethernet and IP headers
contained in the packet, the second (buggy) call to `parse_tcp_flags()`
creates an expectation that there is a second set of Ethernet and IP
headers beyond the first which is incorrect. This patch fixes this
problem by removing the duplicate code in question.

Signed-off-by: Bhargava Shastry <bshas3@gmail.com>
---
 tests/oss-fuzz/flow_extract_target.c | 6 ------
 1 file changed, 6 deletions(-)

Comments

Ben Pfaff July 3, 2019, 6:09 p.m. UTC | #1
On Fri, Jun 21, 2019 at 02:50:35PM +0200, bshas3@gmail.com wrote:
> From: Bhargava Shastry <bshas3@gmail.com>
> 
> During a code audit, the flow extraction fuzzer target was seen to be
> parsing tcp flags from the fuzzer supplied input twice. This is
> probably a typo since the second call to `parse_tcp_flags()` is
> identical to the first.
> Since a call to `parse_tcp_flags()` parses the Ethernet and IP headers
> contained in the packet, the second (buggy) call to `parse_tcp_flags()`
> creates an expectation that there is a second set of Ethernet and IP
> headers beyond the first which is incorrect. This patch fixes this
> problem by removing the duplicate code in question.
> 
> Signed-off-by: Bhargava Shastry <bshas3@gmail.com>

Thanks.  Applied to master.

Patch

diff --git a/tests/oss-fuzz/flow_extract_target.c b/tests/oss-fuzz/flow_extract_target.c
index 4a7451411..869d1e63e 100644
--- a/tests/oss-fuzz/flow_extract_target.c
+++ b/tests/oss-fuzz/flow_extract_target.c
@@ -60,12 +60,6 @@  LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
         ignore(tcp_flags);
     }
 
-    /* Parse TCP flags. */
-    if (dp_packet_size(&packet) >= ETH_HEADER_LEN) {
-        uint16_t tcp_flags = parse_tcp_flags(&packet);
-        ignore(tcp_flags);
-    }
-
     /* Count headers. */
     int count = flow_count_vlan_headers(&flow);
     ignore(count);
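
Review bot: In the removed block (the `if (dp_packet_size(&packet) >= ETH_HEADER_LEN)` guard around `parse_tcp_flags(&packet)`), nothing visible shows whether the call changes `packet`, so the commit message should state whether the duplicate was harmful because the first call leaves the packet in a different state, or was simply redundant. The deletion itself looks safe from what is shown: the result was only handed to `ignore()`, and the following context, `flow_count_vlan_headers(&flow)`, reads `flow` rather than anything the removed block produced. If the retained first call uses the same `ETH_HEADER_LEN`-only guard, a short comment there saying that `parse_tcp_flags()` is expected to bounds-check the IP and TCP headers itself would document why the guard checks no more than the Ethernet header length.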