| Message ID | 1550602210-17126-1-git-send-email-cpp.code.lv@gmail.com |
|---|---|
| State | Superseded |
| Headers | show
Return-Path: <ovs-dev-bounces@openvswitch.org> X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12; helo=mail.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=<UNKNOWN>) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="JT6ibjXK"; dkim-atps=neutral Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 443qZ930GNz9s21 for <incoming@patchwork.ozlabs.org>; Wed, 20 Feb 2019 05:50:57 +1100 (AEDT) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id F01481AD7; Tue, 19 Feb 2019 18:50:54 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 44A501A06 for <dev@openvswitch.org>; Tue, 19 Feb 2019 18:50:20 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-wr1-f51.google.com (mail-wr1-f51.google.com [209.85.221.51]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 2AF63806 for <dev@openvswitch.org>; Tue, 19 Feb 2019 18:50:18 +0000 (UTC) Received: by mail-wr1-f51.google.com with SMTP id d17so8728694wre.10 for <dev@openvswitch.org>; Tue, 19 Feb 2019 10:50:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=fP5xrvrw27k4dSBqLiawzWZxsNjw7K0MoMQV2lpKB78=; b=JT6ibjXKAyCbqyy978VzA7Dzi54ZOXN3TkiiHuj85gXVV/Hrw2ZSRLqNCihc2UPuvY CrN2KCci2YawO4rZ/LqQ2EZtOEVxK8CZD1mzcLp+WyRbdhJAb5VYOu0Ch7SNLCwyy0Sc QVlQgKbJ0yi1qeodbA3fQvuRoPwFsnuq6bXAC7cRH2fkdVVPUp7jY19J3cehEr9kOaHC /YpeHIMPmt1qovL4tWvfnugJc4ASOANz3gBDvql6mszuJ/3Rk03l0GtjulBui/L0Tv6L P5ctC4S+x9i91Cvs7tiIHB7HLmsqif81CQsWnYV6ShBaZxXuTx54Cr3GbN25znv3tNY/ 0YWw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=fP5xrvrw27k4dSBqLiawzWZxsNjw7K0MoMQV2lpKB78=; b=njyJMZ8pfeQTecZxHS9Ywt+bkuDmHny4r1bYq9ucTABB/LboAyNHyQiNKuDTUj4L+J 0DT/FCP9hVNhQMglVaDxvivQumxzcYNx5f7116VoiMugEd5EOVUuFhcNvcLQTEhq0fG+ /yW4f56yAjGxdx8du9dCImtIBgf61Km3O1+jZQ9aeQ5Rhlg4sTr6ulismv1SULKM7oZN tjCiF+2hOi2ImDyPqSX2aaFBgUB3REP4W3xuTbLdhURXvzJNxWfLxU1yf8qFpPRbWoXE eSz99oYsQaLKTRhaHjWv0Bf01uszgE3QNV1dGhDnvvfPf8avt4VxJzFxCE5XuyVeUCPh BGNw== X-Gm-Message-State: AHQUAubVO0ZtTVVVjLk7McheETYnLYDF66Yi+BUOiH5AhTVTP/odRPeE /YLyQlZB1QXgYkcEsJ//xOMH1ozv X-Google-Smtp-Source: AHgI3IZbQkNeaHX7LjQyKlJnUaVON0TGQoAmchlcflD/PPp20Qfd4H3CrRPfh4OVa7ltEaWjJ3ks+w== X-Received: by 2002:a5d:4f86:: with SMTP id d6mr16980349wru.89.1550602216452; Tue, 19 Feb 2019 10:50:16 -0800 (PST) Received: from ubuntu.localdomain ([213.226.141.107]) by smtp.googlemail.com with ESMTPSA id h137sm6400604wmg.41.2019.02.19.10.50.14 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 19 Feb 2019 10:50:15 -0800 (PST) From: Toms Atteka <cpp.code.lv@gmail.com> To: dev@openvswitch.org Date: Tue, 19 Feb 2019 10:50:10 -0800 Message-Id: <1550602210-17126-1-git-send-email-cpp.code.lv@gmail.com> X-Mailer: git-send-email 2.7.4 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Cc: Toms Atteka <cpp.code.lv@gmail.com> Subject: [ovs-dev] [PATCHv2] netlink: added check to prevent netlink attribute overflow X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: <ovs-dev.openvswitch.org> List-Unsubscribe: <https://mail.openvswitch.org/mailman/options/ovs-dev>, <mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe> List-Archive: <http://mail.openvswitch.org/pipermail/ovs-dev/> List-Post: <mailto:ovs-dev@openvswitch.org> List-Help: <mailto:ovs-dev-request@openvswitch.org?subject=help> List-Subscribe: <https://mail.openvswitch.org/mailman/listinfo/ovs-dev>, <mailto:ovs-dev-request@openvswitch.org?subject=subscribe> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org |
| Series |
[ovs-dev,PATCHv2] netlink: added check to prevent netlink attribute overflow
|
expand
|
diff --git a/lib/odp-util.c b/lib/odp-util.c index e893f46..e288ae8 100644 --- a/lib/odp-util.c +++ b/lib/odp-util.c @@ -2161,6 +2161,10 @@ parse_action_list(const char *s, const struct simap *port_names, n += retval; } + if (actions->size > UINT16_MAX) { + return -EFBIG; + } + return n; }
If enough large input is passed to odp_actions_from_string it can cause netlink attribute to overflow. ovs_assert was added just before the problematic code so it could be debugged faster in similar cases if they would arise. Check for buffer size was added to prevent entering this function and returning appropriate error code. Basic manual testing was performed. Reported-by: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12231 Signed-off-by: Toms Atteka <cpp.code.lv@gmail.com> --- lib/odp-util.c | 4 ++++ 1 file changed, 4 insertions(+)