From patchwork Fri Jul 14 12:39:07 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dumitru Ceara X-Patchwork-Id: 1807805 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=2605:bc80:3010::136; helo=smtp3.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=Jpmj0G+g; dkim-atps=neutral Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4R2WJC3L8pz20bh for ; Fri, 14 Jul 2023 22:39:23 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 049F360AE5; Fri, 14 Jul 2023 12:39:21 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 049F360AE5 Authentication-Results: smtp3.osuosl.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=Jpmj0G+g X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qeiSPLZittkd; Fri, 14 Jul 2023 12:39:20 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp3.osuosl.org (Postfix) with ESMTPS id 222B360AA8; Fri, 14 Jul 2023 12:39:19 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 222B360AA8 Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id C5E79C0072; Fri, 14 Jul 2023 12:39:18 +0000 (UTC) X-Original-To: ovs-dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136]) by lists.linuxfoundation.org (Postfix) with ESMTP id A52DAC0032 for ; Fri, 14 Jul 2023 12:39:16 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 72A3560AA8 for ; Fri, 14 Jul 2023 12:39:16 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 72A3560AA8 X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SwyHw5I5Lt50 for ; Fri, 14 Jul 2023 12:39:14 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 3E51660AB3 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by smtp3.osuosl.org (Postfix) with ESMTPS id 3E51660AB3 for ; Fri, 14 Jul 2023 12:39:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1689338352; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ZLaJ+FD/no1EwOSE5dH0ZiKzKDW4y9C8VIdIVjbIwd8=; b=Jpmj0G+g9gd8KHns5fSSRqkwOIYjNpcLXrBYdtgHg6/DLr4T5LQBVtRzSEm4rcazZbelgc ud7lipz72inxq33jEl4svVPzldpz4RwbPO3tJFC1Shk/EaPJpDjP8Ek1ABLJGWsdGkbUC0 nO9AX3Cmn2Wih6t8Sl6QTUygBRaG/N0= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-619-9WfvhhZMNxe_05aYiYhfvg-1; Fri, 14 Jul 2023 08:39:11 -0400 X-MC-Unique: 9WfvhhZMNxe_05aYiYhfvg-1 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.rdu2.redhat.com [10.11.54.1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 5D75C8022EF for ; Fri, 14 Jul 2023 12:39:11 +0000 (UTC) Received: from dceara.remote.csb (unknown [10.39.192.232]) by smtp.corp.redhat.com (Postfix) with ESMTP id 9C48C40C2063; Fri, 14 Jul 2023 12:39:10 +0000 (UTC) From: Dumitru Ceara To: ovs-dev@openvswitch.org Date: Fri, 14 Jul 2023 14:39:07 +0200 Message-Id: <20230714123907.417977-1-dceara@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.1 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Subject: [ovs-dev] [PATCH ovn] pinctrl: Cap the max size of a prefix delegation DUID value. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" It's specified in RFC 8415. This also avoids having to free/realloc the pfd->uuid.data memory. That part was not correct anyway and was flagged by ASAN as a memleak: Direct leak of 42 byte(s) in 3 object(s) allocated from: #0 0x55e5b6354c9e in malloc (/workspace/ovn-tmp/controller/ovn-controller+0x2edc9e) (BuildId: f963f8c756bd5a2207a9b3c922d4362e46bb3162) #1 0x55e5b671878d in xmalloc__ /workspace/ovn-tmp/ovs/lib/util.c:140:15 #2 0x55e5b671878d in xmalloc /workspace/ovn-tmp/ovs/lib/util.c:175:12 #3 0x55e5b642cebc in pinctrl_parse_dhcpv6_reply /workspace/ovn-tmp/controller/pinctrl.c:997:20 #4 0x55e5b642cebc in pinctrl_handle_dhcp6_server /workspace/ovn-tmp/controller/pinctrl.c:1040:9 #5 0x55e5b642cebc in process_packet_in /workspace/ovn-tmp/controller/pinctrl.c:3210:9 #6 0x55e5b642cebc in pinctrl_recv /workspace/ovn-tmp/controller/pinctrl.c:3290:9 #7 0x55e5b642cebc in pinctrl_handler /workspace/ovn-tmp/controller/pinctrl.c:3385:17 #8 0x55e5b66ef664 in ovsthread_wrapper /workspace/ovn-tmp/ovs/lib/ovs-thread.c:423:12 #9 0x7faa30194b42 (/lib/x86_64-linux-gnu/libc.so.6+0x94b42) (BuildId: 69389d485a9793dbe873f0ea2c93e02efaa9aa3d) Fixes: faa44a0c60a3 ("controller: IPv6 Prefix-Delegation: introduce RENEW/REBIND msg support") Signed-off-by: Dumitru Ceara Signed-off-by: Ales Musil Acked-by: Ales Musil Acked-by: Lorenzo Bianconi --- controller/pinctrl.c | 33 ++++++++++++++++----------------- 1 file changed, 16 insertions(+), 17 deletions(-) diff --git a/controller/pinctrl.c b/controller/pinctrl.c index 6027ba0afb..bed90fe0b7 100644 --- a/controller/pinctrl.c +++ b/controller/pinctrl.c @@ -674,6 +674,14 @@ enum { PREFIX_REBIND, }; +/* According to RFC 8415, section 11: + * A DUID consists of a 2-octet type code represented in network byte + * order, followed by a variable number of octets that make up the + * actual identifier. The length of the DUID (not including the type + * code) is at least 1 octet and at most 128 octets. +*/ +#define DHCPV6_MAX_DUID_LEN 130 + struct ipv6_prefixd_state { long long int next_announce; long long int last_complete; @@ -683,7 +691,7 @@ struct ipv6_prefixd_state { struct eth_addr sa; /* server_id_info */ struct { - uint8_t *data; + uint8_t data[DHCPV6_MAX_DUID_LEN]; uint8_t len; } uuid; struct in6_addr ipv6_addr; @@ -899,7 +907,7 @@ pinctrl_prefixd_state_handler(const struct flow *ip_flow, struct eth_addr sa, struct in6_addr server_addr, char prefix_len, unsigned t1, unsigned t2, unsigned plife_time, unsigned vlife_time, - uint8_t *uuid, uint8_t uuid_len) + const uint8_t *uuid, uint8_t uuid_len) { struct ipv6_prefixd_state *pfd; @@ -908,7 +916,7 @@ pinctrl_prefixd_state_handler(const struct flow *ip_flow, pfd->state = PREFIX_PENDING; pfd->server_addr = server_addr; pfd->sa = sa; - pfd->uuid.data = uuid; + memcpy(pfd->uuid.data, uuid, uuid_len); pfd->uuid.len = uuid_len; pfd->plife_time = plife_time * 1000; pfd->vlife_time = vlife_time * 1000; @@ -933,8 +941,9 @@ pinctrl_parse_dhcpv6_reply(struct dp_packet *pkt_in, unsigned char *in_dhcpv6_data = (unsigned char *)(udp_in + 1); size_t dlen = MIN(ntohs(udp_in->udp_len), dp_packet_l4_size(pkt_in)); unsigned t1 = 0, t2 = 0, vlife_time = 0, plife_time = 0; - uint8_t *end = (uint8_t *)udp_in + dlen, *uuid = NULL; + uint8_t *end = (uint8_t *) udp_in + dlen; uint8_t prefix_len = 0, uuid_len = 0; + uint8_t uuid[DHCPV6_MAX_DUID_LEN]; struct in6_addr ipv6 = in6addr_any; bool status = false; unsigned aid = 0; @@ -993,8 +1002,7 @@ pinctrl_parse_dhcpv6_reply(struct dp_packet *pkt_in, break; } case DHCPV6_OPT_SERVER_ID_CODE: - uuid_len = ntohs(in_opt->len); - uuid = xmalloc(uuid_len); + uuid_len = MIN(ntohs(in_opt->len), DHCPV6_MAX_DUID_LEN); memcpy(uuid, in_opt + 1, uuid_len); break; default: @@ -1014,8 +1022,6 @@ pinctrl_parse_dhcpv6_reply(struct dp_packet *pkt_in, pinctrl_prefixd_state_handler(ip_flow, ipv6, aid, eth->eth_src, ip6_src, prefix_len, t1, t2, plife_time, vlife_time, uuid, uuid_len); - } else if (uuid) { - free(uuid); } } @@ -1212,10 +1218,7 @@ static bool ipv6_prefixd_should_inject(void) if (pfd->state == PREFIX_RENEW && cur_time > pfd->last_complete + pfd->t2) { pfd->state = PREFIX_REBIND; - if (pfd->uuid.len) { - free(pfd->uuid.data); - pfd->uuid.len = 0; - } + pfd->uuid.len = 0; return true; } if (pfd->state == PREFIX_REBIND && @@ -1409,12 +1412,8 @@ prepare_ipv6_prefixd(struct ovsdb_idl_txn *ovnsb_idl_txn, SHASH_FOR_EACH_SAFE (iter, &ipv6_prefixd) { struct ipv6_prefixd_state *pfd = iter->data; if (pfd->last_used + IPV6_PREFIXD_STALE_TIMEOUT < time_msec()) { - if (pfd->uuid.len) { - free(pfd->uuid.data); - pfd->uuid.len = 0; - } - free(pfd); shash_delete(&ipv6_prefixd, iter); + free(pfd); } }