From patchwork Tue Mar 12 15:26:43 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Toms Atteka <cpp.code.lv@gmail.com>
X-Patchwork-Id: 1055468
Return-Path: <ovs-dev-bounces@openvswitch.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=pass (mailfrom) smtp.mailfrom=openvswitch.org
	(client-ip=140.211.169.12; helo=mail.linuxfoundation.org;
	envelope-from=ovs-dev-bounces@openvswitch.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=fail (p=none dis=none) header.from=gmail.com
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="U41yOYPy"; dkim-atps=neutral
Received: from mail.linuxfoundation.org (mail.linuxfoundation.org
	[140.211.169.12])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 44Jf3152jQz9s4V
	for <incoming@patchwork.ozlabs.org>;
	Wed, 13 Mar 2019 02:26:53 +1100 (AEDT)
Received: from mail.linux-foundation.org (localhost [127.0.0.1])
	by mail.linuxfoundation.org (Postfix) with ESMTP id 4BCD3CAA;
	Tue, 12 Mar 2019 15:26:52 +0000 (UTC)
X-Original-To: dev@openvswitch.org
Delivered-To: ovs-dev@mail.linuxfoundation.org
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id 03159C86
	for <dev@openvswitch.org>; Tue, 12 Mar 2019 15:26:51 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-wr1-f54.google.com (mail-wr1-f54.google.com
	[209.85.221.54])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 75FC4827
	for <dev@openvswitch.org>; Tue, 12 Mar 2019 15:26:50 +0000 (UTC)
Received: by mail-wr1-f54.google.com with SMTP id p8so3168594wrq.6
	for <dev@openvswitch.org>; Tue, 12 Mar 2019 08:26:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id;
	bh=PFfLfckSG1VEWdtGFUYiXgyioZX9p3b9UGjDbSAMolI=;
	b=U41yOYPyUkwcylgoGC4cBTU7IZPa65jh1wUSe02TUQsA49PFGcvi2FSpxEn1gsKMvE
	tJ1kC0xKwEAYiBDtsJEF5jcDj1Q1aynXaNfQ84hrA5U3NT2tH3YBHh9aY+Nu/EUbltDI
	gUbtAw+Uh1ULubWurEgbuWE5V2epkC27FfcLj9I7x4M8HLucxNtwdua8Njeo1NgnCk8n
	VMUXITIkR4XLkScBuQVVOFDEfK/hUrPCVx7pujMpvRAGi0aWNgFCUKJ3Rptnn5bL/0zP
	fJ9bq3tXXomEguxvhjQsLoqDXvjZ+MnKVODleJMyA4lZS6jpkJq/s2OvqjyZ94BHx4WN
	8EbA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id;
	bh=PFfLfckSG1VEWdtGFUYiXgyioZX9p3b9UGjDbSAMolI=;
	b=eM8z2uEfm5JF86+OET6xp6BLkxLSybVb4UR3nfI27MIOv43Cu03QeYTX2GcWX17sK/
	bpVgQkrhDzHh/8lxAa/Szv+9HPJUGvUXzTcsvmxcV1mLpcdSpSQ5LtcXjJBrGM/WbEO0
	p6VLbABf8MDf9ZayBQQlli5Sgi5U1DnMAVlchZqo+5kJob7ZZbHegs0X0tWStQAGEE8z
	c7tS4RD35PjUH/aAO/1b9QhVTFt2lOMxbihXPdwWuQ6kNedKKRvctsxUQU1EDCCKrKf6
	tY12H1VgkYJRMJhlKwfqS4f+g6EgqZZQjlRt16PrCsSSemExKgUf9jSi/1hXAciCd6wy
	XIVw==
X-Gm-Message-State: APjAAAWGsRCEpeMjw/XfwmGrovqywiy/5LxKI28U9pCdd7dcl5r8VtMg
	f4SwO4SrbXLiFOkUmFonLf+QKvp+
X-Google-Smtp-Source: 
 APXvYqx/O1cGH0w0Xd8n2YgEJdEq1wmSVVa7ejIsENYrN4ec7IcQZDwh4BPmLB4pwaBun+H0prziZg==
X-Received: by 2002:adf:fe85:: with SMTP id l5mr17193145wrr.0.1552404408744;
	Tue, 12 Mar 2019 08:26:48 -0700 (PDT)
Received: from ubuntu.localdomain ([213.226.141.56])
	by smtp.googlemail.com with ESMTPSA id
	o5sm2828670wmh.12.2019.03.12.08.26.47
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Tue, 12 Mar 2019 08:26:47 -0700 (PDT)
From: Toms Atteka <cpp.code.lv@gmail.com>
To: dev@openvswitch.org
Date: Tue, 12 Mar 2019 08:26:43 -0700
Message-Id: <1552404403-121854-1-git-send-email-cpp.code.lv@gmail.com>
X-Mailer: git-send-email 2.7.4
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM,
	RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
Cc: Toms Atteka <cpp.code.lv@gmail.com>
Subject: [ovs-dev] [PATCH] lib: added check to prevent int overflow
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <ovs-dev.openvswitch.org>
List-Unsubscribe: <https://mail.openvswitch.org/mailman/options/ovs-dev>,
	<mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe>
List-Archive: <http://mail.openvswitch.org/pipermail/ovs-dev/>
List-Post: <mailto:ovs-dev@openvswitch.org>
List-Help: <mailto:ovs-dev-request@openvswitch.org?subject=help>
List-Subscribe: <https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,
	<mailto:ovs-dev-request@openvswitch.org?subject=subscribe>
MIME-Version: 1.0
Sender: ovs-dev-bounces@openvswitch.org
Errors-To: ovs-dev-bounces@openvswitch.org

If enough large input is given ofpact_finish will fail.
Check was added and error message returned.

Basic manual testing performed.

Reported-by:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12972
Signed-off-by: Toms Atteka <cpp.code.lv@gmail.com>
---
 lib/learn.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/learn.c b/lib/learn.c
index 642ce18..5b168e4 100644
--- a/lib/learn.c
+++ b/lib/learn.c
@@ -455,6 +455,11 @@ learn_parse__(char *orig, char *arg, const struct ofputil_port_map *port_map,
             learn = ofpacts->header;
         }
     }
+
+    if ((char *)ofpbuf_tail(ofpacts) - (char *)ofpacts->header > UINT16_MAX) {
+        return xasprintf("input too big");
+    }
+
     ofpact_finish_LEARN(ofpacts, &learn);
 
     return NULL;