[ovs-dev] [PATCH v2] odp-util: Validate close-brace in scan_geneve and fix return values of san_xxx functions
Yifeng Sun
pkusunyifeng at gmail.com
Thu Nov 1 17:33:03 UTC 2018
This patch adds validation of close-braces in scan_geneve. An simple
example is "set(encap(tunnel(geneve({{))))". When scan_geneve returns,
(struct geneve_scan *key)->len equals to 2*sizeof(struct geneve_opt).
That seems not correct.
Found this issue while inspecting oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11153.
In addition, SCAN_TYPE expects scan_XXX functions to return 0
on errors. This patch inspects all related scan_XXX functions
and fixes their return values.
Signed-off-by: Yifeng Sun <pkusunyifeng at gmail.com>
---
v1->v2: Added example in commit message by Ben's suggestion.
lib/odp-util.c | 20 +++++++++++---------
1 file changed, 11 insertions(+), 9 deletions(-)
diff --git a/lib/odp-util.c b/lib/odp-util.c
index 626a03b7686f..f50de7fd275c 100644
--- a/lib/odp-util.c
+++ b/lib/odp-util.c
@@ -4812,7 +4812,7 @@ scan_vxlan_gbp(const char *s, uint32_t *key, uint32_t *mask)
s += 3;
len = scan_be16(s, &id, mask ? &id_mask : NULL);
if (len == 0) {
- return -EINVAL;
+ return 0;
}
s += len;
}
@@ -4824,7 +4824,7 @@ scan_vxlan_gbp(const char *s, uint32_t *key, uint32_t *mask)
s += 6;
len = scan_u8(s, &flags, mask ? &flags_mask : NULL);
if (len == 0) {
- return -EINVAL;
+ return 0;
}
s += len;
}
@@ -4858,7 +4858,7 @@ scan_erspan_metadata(const char *s,
s += 4;
len = scan_u8(s, &ver, mask ? &ver_mask : NULL);
if (len == 0) {
- return -EINVAL;
+ return 0;
}
s += len;
}
@@ -4872,7 +4872,7 @@ scan_erspan_metadata(const char *s,
s += 4;
len = scan_u32(s, &idx, mask ? &idx_mask : NULL);
if (len == 0) {
- return -EINVAL;
+ return 0;
}
s += len;
}
@@ -4892,7 +4892,7 @@ scan_erspan_metadata(const char *s,
s += 4;
len = scan_u8(s, &dir, mask ? &dir_mask : NULL);
if (len == 0) {
- return -EINVAL;
+ return 0;
}
s += len;
}
@@ -4903,7 +4903,7 @@ scan_erspan_metadata(const char *s,
s += 5;
len = scan_u8(s, &hwid, mask ? &hwid_mask : NULL);
if (len == 0) {
- return -EINVAL;
+ return 0;
}
s += len;
}
@@ -4944,7 +4944,7 @@ scan_geneve(const char *s, struct geneve_scan *key, struct geneve_scan *mask)
len = scan_be16(s, &opt->opt_class,
mask ? &opt_mask->opt_class : NULL);
if (len == 0) {
- return -EINVAL;
+ return 0;
}
s += len;
} else if (mask) {
@@ -4958,7 +4958,7 @@ scan_geneve(const char *s, struct geneve_scan *key, struct geneve_scan *mask)
s += 5;
len = scan_u8(s, &opt->type, mask ? &opt_mask->type : NULL);
if (len == 0) {
- return -EINVAL;
+ return 0;
}
s += len;
} else if (mask) {
@@ -4973,7 +4973,7 @@ scan_geneve(const char *s, struct geneve_scan *key, struct geneve_scan *mask)
s += 4;
len = scan_u8(s, &opt_len, mask ? &opt_len_mask : NULL);
if (len == 0) {
- return -EINVAL;
+ return 0;
}
s += len;
@@ -5016,6 +5016,8 @@ scan_geneve(const char *s, struct geneve_scan *key, struct geneve_scan *mask)
opt_mask += 1 + data_len / 4;
}
len_remain -= data_len;
+ } else {
+ return 0;
}
}
--
2.7.4
More information about the dev
mailing list