| Message ID | 1543363812-28116-3-git-send-email-pkusunyifeng@gmail.com |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [ovs-dev] odp-util: Validate values of vid and pcp in push_vlan action | expand |
On Tue, Nov 27, 2018 at 04:10:12PM -0800, Yifeng Sun wrote: > Oss-fuzz complains that 'vid << VLAN_VID_SHIFT' is causing an error of > "Undefined-shift in parse_odp_action". This is because an invalid > value of vid is passed in push_vlan. This patch adds validation to > the value of vid, in addition to the value of pcp. > > Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11520 > Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com> Thanks, applied to master.
diff --git a/lib/odp-util.c b/lib/odp-util.c index bb6669b37af9..1e8c5f194793 100644 --- a/lib/odp-util.c +++ b/lib/odp-util.c @@ -2282,6 +2282,10 @@ parse_odp_action(const char *s, const struct simap *port_names, &tpid, &vid, &pcp, &n) || ovs_scan(s, "push_vlan(tpid=%i,vid=%i,pcp=%i,cfi=%i)%n", &tpid, &vid, &pcp, &cfi, &n)) { + if ((vid & ~(VLAN_VID_MASK >> VLAN_VID_SHIFT)) != 0 + || (pcp & ~(VLAN_PCP_MASK >> VLAN_PCP_SHIFT)) != 0) { + return -EINVAL; + } push.vlan_tpid = htons(tpid); push.vlan_tci = htons((vid << VLAN_VID_SHIFT) | (pcp << VLAN_PCP_SHIFT)
Oss-fuzz complains that 'vid << VLAN_VID_SHIFT' is causing an error of "Undefined-shift in parse_odp_action". This is because an invalid value of vid is passed in push_vlan. This patch adds validation to the value of vid, in addition to the value of pcp. Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11520 Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com> --- lib/odp-util.c | 4 ++++ 1 file changed, 4 insertions(+)