[ovs-dev] [PATCH] ovs-ofctl: Better validate OpenFlow message length in "ofp-parse-pcap".

Ben Pfaff blp at ovn.org
Tue Jul 31 20:28:29 UTC 2018


Reported-by: Oscar Wilde <xdxiaobin at gmail.com>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2018-July/047070.html
Signed-off-by: Ben Pfaff <blp at ovn.org>
---
 AUTHORS.rst           | 1 +
 utilities/ovs-ofctl.c | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/AUTHORS.rst b/AUTHORS.rst
index 6ba9bf7c3644..a5c93d9183fb 100644
--- a/AUTHORS.rst
+++ b/AUTHORS.rst
@@ -538,6 +538,7 @@ Murali R                        muralirdev at gmail.com
 Nagi Reddy Jonnala              njonnala at Brocade.com
 Niels van Adrichem              N.L.M.vanAdrichem at tudelft.nl
 Niklas Andersson                nandersson at nicira.com
+Oscar Wilde                     xdxiaobin at gmail.com
 Pankaj Thakkar                  thakkar at nicira.com
 Pasi Kärkkäinen                 pasik at iki.fi
 Patrik Andersson R              patrik.r.andersson at ericsson.com
diff --git a/utilities/ovs-ofctl.c b/utilities/ovs-ofctl.c
index 6acbbf140d4f..8d14a9b59f71 100644
--- a/utilities/ovs-ofctl.c
+++ b/utilities/ovs-ofctl.c
@@ -2781,7 +2781,8 @@ ofctl_ofp_parse_pcap(struct ovs_cmdl_context *ctx)
 
                     oh = dp_packet_data(payload);
                     length = ntohs(oh->length);
-                    if (dp_packet_size(payload) < length) {
+                    if (dp_packet_size(payload) < length
+                        || length < sizeof *oh) {
                         break;
                     }
 
-- 
2.16.1



More information about the dev mailing list