[ovs-dev] [PATCH v2] odp-util: Return an error on actions overflow while parsing from string.

Ilya Maximets i.maximets at ovn.org
Mon Jun 14 17:36:01 UTC 2021


We don't need to continue parsing if already oversized.  This is not
very important, but the fuzzer times out while parsing a very long list
of actions.

Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29190
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>
---

Version 2:
  - Fixed non-portable shell syntax in the test.
  - Additionally simplified the test a bit to not generate almost
    the same long string twice.

 lib/odp-util.c |  4 ++++
 tests/odp.at   | 14 ++++++++++++++
 2 files changed, 18 insertions(+)

diff --git a/lib/odp-util.c b/lib/odp-util.c
index e1199d1da..18579cff7 100644
--- a/lib/odp-util.c
+++ b/lib/odp-util.c
@@ -2643,6 +2643,10 @@ odp_actions_from_string(const char *s, const struct simap *port_names,
 
         retval = parse_odp_action(&context, s, actions);
 
+        if (retval >= 0 && nl_attr_oversized(actions->size - NLA_HDRLEN)) {
+            retval = -E2BIG;
+        }
+
         if (retval < 0 || !strchr(delimiters, s[retval])) {
             actions->size = old_size;
             return -retval;
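Review bot: The new check `nl_attr_oversized(actions->size - NLA_HDRLEN)` has no comment explaining why `NLA_HDRLEN` is subtracted, and it tests the whole buffer size rather than the bytes added since `old_size`. A one-line comment stating that the accumulated actions must fit as the payload of a single netlink attribute would make the limit obvious to the next reader. It would also help to say whether counting content that was already in `actions` before this call is intended, since the error path right below restores `actions->size = old_size` and so treats the earlier content as not belonging to this parse. Because `return -retval` can now yield `E2BIG`, the function's documentation comment should list that value if it enumerates the errors it returns.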
diff --git a/tests/odp.at b/tests/odp.at
index b762ebb2b..dccafd9d3 100644
--- a/tests/odp.at
+++ b/tests/odp.at
@@ -435,6 +435,20 @@ odp_actions_from_string: error
 ])
 AT_CLEANUP
 
+AT_SETUP([OVS datapath actions parsing and formatting - actions too long])
+dnl Actions should fit in a single netlink message.
+dnl Empty set(encap()) takes 8 bytes to encode.  So, 8192 of them is too much,
+dnl but 8191 still fits.
+actions=$(printf 'set(encap()),%.0s' $(seq 8190))
+echo "${actions}set(encap())" > actions.txt
+echo "${actions}set(encap()),set(encap())" >> actions.txt
+
+AT_CHECK_UNQUOTED([ovstest test-odp parse-actions < actions.txt], [0], [dnl
+`cat actions.txt | head -1`
+odp_actions_from_string: error
+])
+AT_CLEANUP
+
 AT_SETUP([OVS datapath keys parsing and formatting - 33 nested encap ])
 AT_DATA([odp-in.txt], [dnl
 encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap()))))))))))))))))))))))))))))))))
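Review bot: The expected output for the 8192-action line is only `odp_actions_from_string: error`, which is the same text the preceding test expects for other parse failures, so this test cannot tell the new `-E2BIG` path apart from the long string being rejected for an unrelated reason. The 8191-action line round-tripping does cover the boundary from below, but if the test helper can print the error code or message, asserting on it would pin the failure to the oversize check. Two smaller points on the added lines: `cat actions.txt | head -1` can be `head -n 1 actions.txt`, which avoids the extra process and the obsolescent `-1` form, and the `dnl` comment could spell out that the loop emits 8190 actions and the two `echo` lines append one and two more, which is how the 8191 and 8192 cases are built.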
-- 
2.26.3


