[ovs-dev] [PATCH v2] odp-util: Validate close-brace in scan_geneve and fix return values of san_xxx functions

Yifeng Sun pkusunyifeng at gmail.com
Thu Nov 1 17:33:03 UTC 2018


This patch adds validation of close-braces in scan_geneve. An simple
example is "set(encap(tunnel(geneve({{))))". When scan_geneve returns,
(struct geneve_scan *key)->len equals to 2*sizeof(struct geneve_opt).
That seems not correct.

Found this issue while inspecting oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11153.

In addition, SCAN_TYPE expects scan_XXX functions to return 0
on errors. This patch inspects all related scan_XXX functions
and fixes their return values.

Signed-off-by: Yifeng Sun <pkusunyifeng at gmail.com>
---
v1->v2: Added example in commit message by Ben's suggestion.

 lib/odp-util.c | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/lib/odp-util.c b/lib/odp-util.c
index 626a03b7686f..f50de7fd275c 100644
--- a/lib/odp-util.c
+++ b/lib/odp-util.c
@@ -4812,7 +4812,7 @@ scan_vxlan_gbp(const char *s, uint32_t *key, uint32_t *mask)
         s += 3;
         len = scan_be16(s, &id, mask ? &id_mask : NULL);
         if (len == 0) {
-            return -EINVAL;
+            return 0;
         }
         s += len;
     }
@@ -4824,7 +4824,7 @@ scan_vxlan_gbp(const char *s, uint32_t *key, uint32_t *mask)
         s += 6;
         len = scan_u8(s, &flags, mask ? &flags_mask : NULL);
         if (len == 0) {
-            return -EINVAL;
+            return 0;
         }
         s += len;
     }
@@ -4858,7 +4858,7 @@ scan_erspan_metadata(const char *s,
         s += 4;
         len = scan_u8(s, &ver, mask ? &ver_mask : NULL);
         if (len == 0) {
-            return -EINVAL;
+            return 0;
         }
         s += len;
     }
@@ -4872,7 +4872,7 @@ scan_erspan_metadata(const char *s,
             s += 4;
             len = scan_u32(s, &idx, mask ? &idx_mask : NULL);
             if (len == 0) {
-                return -EINVAL;
+                return 0;
             }
             s += len;
         }
@@ -4892,7 +4892,7 @@ scan_erspan_metadata(const char *s,
             s += 4;
             len = scan_u8(s, &dir, mask ? &dir_mask : NULL);
             if (len == 0) {
-                return -EINVAL;
+                return 0;
             }
             s += len;
         }
@@ -4903,7 +4903,7 @@ scan_erspan_metadata(const char *s,
             s += 5;
             len = scan_u8(s, &hwid, mask ? &hwid_mask : NULL);
             if (len == 0) {
-                return -EINVAL;
+                return 0;
             }
             s += len;
         }
@@ -4944,7 +4944,7 @@ scan_geneve(const char *s, struct geneve_scan *key, struct geneve_scan *mask)
             len = scan_be16(s, &opt->opt_class,
                             mask ? &opt_mask->opt_class : NULL);
             if (len == 0) {
-                return -EINVAL;
+                return 0;
             }
             s += len;
         } else if (mask) {
@@ -4958,7 +4958,7 @@ scan_geneve(const char *s, struct geneve_scan *key, struct geneve_scan *mask)
             s += 5;
             len = scan_u8(s, &opt->type, mask ? &opt_mask->type : NULL);
             if (len == 0) {
-                return -EINVAL;
+                return 0;
             }
             s += len;
         } else if (mask) {
@@ -4973,7 +4973,7 @@ scan_geneve(const char *s, struct geneve_scan *key, struct geneve_scan *mask)
             s += 4;
             len = scan_u8(s, &opt_len, mask ? &opt_len_mask : NULL);
             if (len == 0) {
-                return -EINVAL;
+                return 0;
             }
             s += len;
 
@@ -5016,6 +5016,8 @@ scan_geneve(const char *s, struct geneve_scan *key, struct geneve_scan *mask)
                 opt_mask += 1 + data_len / 4;
             }
             len_remain -= data_len;
+        } else {
+            return 0;
         }
     }
 
-- 
2.7.4



More information about the dev mailing list