[ovs-dev,v2] odp-util: Use flexible sized buffer to hold Geneve options.

Message ID 20171204195143.15325-1-blp@ovn.org
State New
Headers show
Series
  • [ovs-dev,v2] odp-util: Use flexible sized buffer to hold Geneve options.
Related show

Commit Message

Ben Pfaff Dec. 4, 2017, 7:51 p.m.
The 'mask' buffer in parse_odp_action() is supposed to always be big
enough:
        /* 'mask' is big enough to hold any key. */

Geneve options can be really big and the comment was wrong.  In addition,
the user might supply more options than can really fit in any case, so
we might as well just use a stub.

Found by libfuzzer.

Reported-by: Bhargava Shastry <bshastry@sec.t-labs.tu-berlin.de>
Signed-off-by: Ben Pfaff <blp@ovn.org>
---
v1->v2: Use stub because the user can supply more options than fit in any
case.

 lib/odp-util.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

Patch

diff --git a/lib/odp-util.c b/lib/odp-util.c
index a3211118c17c..26e617754dd3 100644
--- a/lib/odp-util.c
+++ b/lib/odp-util.c
@@ -1965,20 +1965,19 @@  parse_odp_action(const char *s, const struct simap *port_names,
     if (!strncmp(s, "set(", 4)) {
         size_t start_ofs;
         int retval;
-        struct nlattr mask[128 / sizeof(struct nlattr)];
-        struct ofpbuf maskbuf;
+        struct nlattr mask[1024 / sizeof(struct nlattr)];
+        struct ofpbuf maskbuf = OFPBUF_STUB_INITIALIZER(mask);
         struct nlattr *nested, *key;
         size_t size;
 
-        /* 'mask' is big enough to hold any key. */
-        ofpbuf_use_stack(&maskbuf, mask, sizeof mask);
-
         start_ofs = nl_msg_start_nested(actions, OVS_ACTION_ATTR_SET);
         retval = parse_odp_key_mask_attr(s + 4, port_names, actions, &maskbuf);
         if (retval < 0) {
+            ofpbuf_uninit(&maskbuf);
             return retval;
         }
         if (s[retval + 4] != ')') {
+            ofpbuf_uninit(&maskbuf);
             return -EINVAL;
         }
 
@@ -2005,6 +2004,7 @@  parse_odp_action(const char *s, const struct simap *port_names,
                 nested->nla_type = OVS_ACTION_ATTR_SET_MASKED;
             }
         }
+        ofpbuf_uninit(&maskbuf);
 
         nl_msg_end_nested(actions, start_ofs);
         return retval + 5;