[ovs-dev] [PATCH] odp-util: Return an error on actions overflow while parsing from string.

Ilya Maximets i.maximets at ovn.org
Mon Jun 14 15:17:01 UTC 2021


We don't need to continue parsing if already oversized.  This is not
very important, but the fuzzer times out while parsing a very long list
of actions.

Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29190
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>
---
 lib/odp-util.c |  4 ++++
 tests/odp.at   | 15 +++++++++++++++
 2 files changed, 19 insertions(+)

diff --git a/lib/odp-util.c b/lib/odp-util.c
index e1199d1da..18579cff7 100644
--- a/lib/odp-util.c
+++ b/lib/odp-util.c
@@ -2643,6 +2643,10 @@ odp_actions_from_string(const char *s, const struct simap *port_names,
 
         retval = parse_odp_action(&context, s, actions);
 
+        if (retval >= 0 && nl_attr_oversized(actions->size - NLA_HDRLEN)) {
+            retval = -E2BIG;
+        }
+
         if (retval < 0 || !strchr(delimiters, s[retval])) {
             actions->size = old_size;
             return -retval;
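
Review bot: The new condition subtracts NLA_HDRLEN from actions->size without saying why, and nothing in the visible lines guarantees that actions->size is at least NLA_HDRLEN when retval >= 0. If the size field is unsigned and a successful parse can leave the buffer shorter than one header, the subtraction wraps and the call returns -E2BIG for a tiny input. Please add a one-line comment stating which header the subtraction accounts for, and either confirm that the buffer can never be that short here or guard the subtraction. It would also help to note in that comment that the check runs against the total buffer size rather than the bytes added since old_size, so callers that pass a non-empty buffer get the limit applied to everything already in it.
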
diff --git a/tests/odp.at b/tests/odp.at
index b762ebb2b..fea15988a 100644
--- a/tests/odp.at
+++ b/tests/odp.at
@@ -435,6 +435,21 @@ odp_actions_from_string: error
 ])
 AT_CLEANUP
 
+AT_SETUP([OVS datapath actions parsing and formatting - actions too long])
+dnl Actions should fit in a single netlink message.
+dnl Empty set(encap()) takes 8 bytes to encode.  So, 8192 of them is too much,
+dnl but 8191 still fits.
+data_valid=$(  printf 'set(encap()),%.0s' {1..8190})
+data_invalid=$(printf 'set(encap()),%.0s' {1..8191})
+echo "${data_valid}set(encap())" > actions.txt
+echo "${data_invalid}set(encap())" >> actions.txt
+
+AT_CHECK_UNQUOTED([ovstest test-odp parse-actions < actions.txt], [0], [dnl
+`cat actions.txt | head -1`
+odp_actions_from_string: error
+])
+AT_CLEANUP
+
 AT_SETUP([OVS datapath keys parsing and formatting - 33 nested encap ])
 AT_DATA([odp-in.txt], [dnl
 encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap()))))))))))))))))))))))))))))))))
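
Review bot: The two printf lines in the new test rely on {1..8190} and {1..8191}, which is bash brace expansion and not POSIX sh. Under a shell that does not expand it, printf receives one literal argument, both lines of actions.txt end up with only two actions, and the second line no longer triggers the expected "odp_actions_from_string: error". Consider generating the repetitions with a portable construct (for example a seq-driven loop, or building the string in m4), or skipping the test when brace expansion is unavailable. Smaller points in the same hunk: `cat actions.txt | head -1` uses the obsolete head -1 form and a needless cat, so `head -n 1 actions.txt` would be cleaner, and the dnl comment talks about 8191 and 8192 while the loops count 8190 and 8191 with one more action appended by echo, so a word about that off-by-one in the comment would make the boundary easier to verify.
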
-- 
2.26.3


