[ovs-dev] [PATCH v1] ofp-actions: Always validate action size

Mike Pattrick mkp at redhat.com
Fri Nov 26 22:16:21 UTC 2021


Currently, ovs-ofctl and other associated tools will validate the size
of flow actions. However, there are some code paths that do not validate
the size correctly.

When adding more than 1000 logical switch ports to an OVS bridge in OVN,
OVN will happily create a flow with potentially unlimited actions. This
can cause OVS to call abort() when it attempts to re-serialize the flow
actions.

This change will validate the size with every call to ofpacts_verify,
which should cover all remaining code paths.

Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=2020770
Signed-off-by: Mike Pattrick <mkp at redhat.com>
---
 lib/ofp-actions.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/ofp-actions.c b/lib/ofp-actions.c
index ecf914eac..74b8b65ac 100644
--- a/lib/ofp-actions.c
+++ b/lib/ofp-actions.c
@@ -8749,6 +8749,10 @@ ofpacts_verify(const struct ofpact ofpacts[], size_t ofpacts_len,
     const struct ofpact *a;
     enum ovs_instruction_type inst;
 
+    if (ofpacts_len > ROUND_DOWN(UINT16_MAX, OFP_ACTION_ALIGN)) {
+        return OFPERR_OFPBAC_BAD_LEN;
+    }
+
     inst = OVSINST_OFPIT13_METER;
     OFPACT_FOR_EACH (a, ofpacts, ofpacts_len) {
         enum ovs_instruction_type next;
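Review bot: the new length check at the top of ofpacts_verify() carries no comment explaining why ROUND_DOWN(UINT16_MAX, OFP_ACTION_ALIGN) is the right bound for ofpacts_len, which is a size_t length over the struct ofpact array. A one-line comment tying the limit to the 16-bit size the actions must fit in when they are re-serialized would make the intent clear. The diffstat shows only lib/ofp-actions.c changing, so consider adding a regression test that passes an oversized action list and expects OFPERR_OFPBAC_BAD_LEN rather than the abort() described in the commit message.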
-- 
2.27.0


