[ovs-dev] [PATCH] odp-util: Prevent oversized encap action
Gregory Rose
gvrose8192 at gmail.com
Wed Feb 20 00:18:40 UTC 2019
On 1/17/2019 4:33 PM, Yifeng Sun wrote:
> nla_len in struct nlattr is of type uint16_t. This patch prevents
> nla_len from being truncated if the size of encapped actions is too
> large.
>
> Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12255
> Signed-off-by: Yifeng Sun <pkusunyifeng at gmail.com>
> ---
> lib/odp-util.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/lib/odp-util.c b/lib/odp-util.c
> index a1c3e5bda550..eac1079cdd93 100644
> --- a/lib/odp-util.c
> +++ b/lib/odp-util.c
> @@ -5600,6 +5600,10 @@ parse_odp_key_mask_attr(struct parse_odp_context *context, const char *s,
> return retval;
> }
> s += retval;
> +
> + if (nl_attr_oversized(key->size - encap)) {
> + return -E2BIG;
> + }
> }
> s++;
>
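Review bot: the added `nl_attr_oversized(key->size - encap)` check inside the encap loop lands without a test; the diffstat shows only lib/odp-util.c changing. Since nla_len is a uint16_t, a regression case that feeds an encap() key whose nested attributes exceed that limit and expects the parse to fail with E2BIG would pin the behaviour down. A one-line comment above the check would also help, stating whether `key->size - encap` is meant to be the nested payload alone or to include the attribute header, because the visible lines do not show what offset `encap` holds.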
Hi Yifeng,
The patch looks OK and I can provide a reviewed-by tag but I don't have
access to the reporter link so I'm unable to look at how to test it.
Seems obvious enough though.
Thanks.
Reviewed-by: Greg Rose <gvrose8192 at gmail.com>