[ovs-dev] [PATCH] ossfuzz: Remove duplicate tcp flags parsing in flow extract target

bshas3 at gmail.com bshas3 at gmail.com
Fri Jun 21 12:50:35 UTC 2019


From: Bhargava Shastry <bshas3 at gmail.com>

During a code audit, the flow extraction fuzzer target was seen to be
parsing tcp flags from the fuzzer-supplied input twice. This is
probably a typo since the second call to `parse_tcp_flags()` is
identical to the first.
Since a call to `parse_tcp_flags()` parses the Ethernet and IP headers
contained in the packet, the second (buggy) call to `parse_tcp_flags()`
creates an expectation that there is a second set of Ethernet and IP
headers beyond the first which is incorrect. This patch fixes this
problem by removing the duplicate code in question.

Signed-off-by: Bhargava Shastry <bshas3 at gmail.com>
---
 tests/oss-fuzz/flow_extract_target.c | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/tests/oss-fuzz/flow_extract_target.c b/tests/oss-fuzz/flow_extract_target.c
index 4a7451411..869d1e63e 100644
--- a/tests/oss-fuzz/flow_extract_target.c
+++ b/tests/oss-fuzz/flow_extract_target.c
@@ -60,12 +60,6 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
         ignore(tcp_flags);
     }
 
-    /* Parse TCP flags. */
-    if (dp_packet_size(&packet) >= ETH_HEADER_LEN) {
-        uint16_t tcp_flags = parse_tcp_flags(&packet);
-        ignore(tcp_flags);
-    }
-
     /* Count headers. */
     int count = flow_count_vlan_headers(&flow);
     ignore(count);
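Review bot: the hunk shows only the tail of the retained first block (`ignore(tcp_flags);` and its closing brace), so the diff alone does not prove the removed block is byte-identical to the one kept; before merging, confirm the retained block carries the same `dp_packet_size(&packet) >= ETH_HEADER_LEN` guard, since dropping the wrong copy would leave `parse_tcp_flags()` running on undersized input. With that checked, the removal is the right fix: both calls pass the same `&packet`, so the second one only repeats the first and the target loses no coverage.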
-- 
2.17.1
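The pattern the patch restores, a fuzz entry point that parses the supplied frame exactly once behind a size guard, as an added example that is not OVS code and not part of this patch. The parser here is a stand-in for `parse_tcp_flags()` with the same shape (walk the Ethernet and IPv4 headers, return the TCP flags field); every name prefixed `eg_` and the sample frame are constructed for this example and are not OVS identifiers.

```c
/* Added example, not OVS code: a bounds-checked Ethernet/IPv4/TCP flags
 * parser and a libFuzzer-style entry point that calls it once.  All
 * eg_* names and the sample frame are constructed for this example. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define EG_ETH_HEADER_LEN 14
#define EG_ETHERTYPE_IPV4 0x0800
#define EG_IPPROTO_TCP    6
#define EG_TCP_FLAGS_MASK 0x0fff   /* low 12 bits of the offset/flags word */

static uint16_t eg_get16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Returns the 12-bit TCP flags field in host order, or 0 when the buffer
 * is not a complete Ethernet/IPv4/TCP packet.  Every read is preceded by
 * a length check, so arbitrary fuzzer input cannot read past `size`. */
uint16_t eg_parse_tcp_flags(const uint8_t *data, size_t size)
{
    if (size < EG_ETH_HEADER_LEN) {
        return 0;                                   /* same guard as the target */
    }
    if (eg_get16(data + 12) != EG_ETHERTYPE_IPV4) { /* no VLAN handling here */
        return 0;
    }
    const uint8_t *ip = data + EG_ETH_HEADER_LEN;
    size_t rem = size - EG_ETH_HEADER_LEN;
    if (rem < 20 || (ip[0] >> 4) != 4) {
        return 0;
    }
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4u;       /* header length in bytes */
    if (ihl < 20 || ihl > rem) {
        return 0;
    }
    uint16_t tot_len = eg_get16(ip + 2);            /* must fit in the buffer */
    if (tot_len < ihl || tot_len > rem) {
        return 0;
    }
    if (ip[9] != EG_IPPROTO_TCP) {
        return 0;
    }
    if ((eg_get16(ip + 6) & 0x1fff) != 0) {         /* non-first fragment */
        return 0;
    }
    if (tot_len - ihl < 20) {                       /* truncated TCP header */
        return 0;
    }
    const uint8_t *tcp = ip + ihl;
    return eg_get16(tcp + 12) & EG_TCP_FLAGS_MASK;
}

/* libFuzzer-style entry point: one parse per input, result discarded. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    (void)eg_parse_tcp_flags(data, size);
    return 0;
}

/* Constructed 54-byte Ethernet/IPv4/TCP SYN frame (checksums left zero). */
static const uint8_t eg_syn_frame[54] = {
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55,  0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb,
    0x08, 0x00,                                      /* ethertype IPv4 */
    0x45, 0x00, 0x00, 0x28, 0x00, 0x01, 0x40, 0x00,  /* IHL 5, total len 40 */
    0x40, 0x06, 0x00, 0x00,                          /* TTL 64, proto TCP */
    0x0a, 0x00, 0x00, 0x01,  0x0a, 0x00, 0x00, 0x02, /* 10.0.0.1 -> 10.0.0.2 */
    0xc0, 0x00, 0x00, 0x50,                          /* sport 49152, dport 80 */
    0x00, 0x00, 0x00, 0x01,  0x00, 0x00, 0x00, 0x00, /* seq 1, ack 0 */
    0x50, 0x02, 0x72, 0x10,                          /* data offset 5, SYN */
    0x00, 0x00, 0x00, 0x00,                          /* checksum, urgent */
};

uint16_t eg_sample_syn_flags(void)
{
    return eg_parse_tcp_flags(eg_syn_frame, sizeof eg_syn_frame);
}

/* Same frame cut short: the IP total length no longer fits, so no flags. */
uint16_t eg_truncated_flags(void)
{
    return eg_parse_tcp_flags(eg_syn_frame, 40);
}

/* Same frame marked as a non-first fragment: no TCP header to read. */
uint16_t eg_fragment_flags(void)
{
    uint8_t frag[sizeof eg_syn_frame];
    memcpy(frag, eg_syn_frame, sizeof frag);
    frag[EG_ETH_HEADER_LEN + 6] = 0x00;
    frag[EG_ETH_HEADER_LEN + 7] = 0x08;              /* fragment offset 8 */
    return eg_parse_tcp_flags(frag, sizeof frag);
}
```

Each rejecting check returns 0 rather than skipping ahead, which is what keeps a single call on one buffer well defined; calling the parser a second time on the same frame, as the removed code did, would simply repeat the same walk from the same offset.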
