[ovs-dev] [PATCH] lib: added check to prevent int overflow
Toms Atteka
cpp.code.lv at gmail.com
Tue Mar 12 15:26:43 UTC 2019
If enough large input is given ofpact_finish will fail.
Check was added and error message returned.
Basic manual testing performed.
Reported-by:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12972
Signed-off-by: Toms Atteka <cpp.code.lv at gmail.com>
---
lib/learn.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/lib/learn.c b/lib/learn.c
index 642ce18..5b168e4 100644
--- a/lib/learn.c
+++ b/lib/learn.c
@@ -455,6 +455,11 @@ learn_parse__(char *orig, char *arg, const struct ofputil_port_map *port_map,
learn = ofpacts->header;
}
}
+
+ if ((char *)ofpbuf_tail(ofpacts) - (char *)ofpacts->header > UINT16_MAX) {
+ return xasprintf("input too big");
+ }
+
ofpact_finish_LEARN(ofpacts, &learn);
return NULL;
--
2.7.4
More information about the dev
mailing list