[ovs-dev] [PATCHv3] netlink: added check to prevent netlink attribute overflow
Toms Atteka
cpp.code.lv at gmail.com
Tue Feb 19 18:55:02 UTC 2019
If enough large input is passed to odp_actions_from_string it can
cause netlink attribute to overflow.
Check for buffer size was added to prevent entering this function
and returning appropriate error code.
Basic manual testing was performed.
Reported-by:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12231
Signed-off-by: Toms Atteka <cpp.code.lv at gmail.com>
---
lib/odp-util.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/lib/odp-util.c b/lib/odp-util.c
index e893f46..e288ae8 100644
--- a/lib/odp-util.c
+++ b/lib/odp-util.c
@@ -2161,6 +2161,10 @@ parse_action_list(const char *s, const struct simap *port_names,
n += retval;
}
+ if (actions->size > UINT16_MAX) {
+ return -EFBIG;
+ }
+
return n;
}
--
2.7.4
More information about the dev
mailing list