[ovs-git] [openvswitch/ovs] 5026a2: ofp-actions: Avoid buffer overread in BUNDLE actio...

GitHub noreply at github.com
Thu Jul 5 22:08:29 UTC 2018


  Branch: refs/heads/master
  Home:   https://github.com/openvswitch/ovs
  Commit: 5026a263d7846077eee540de42192d27da513226
      https://github.com/openvswitch/ovs/commit/5026a263d7846077eee540de42192d27da513226
  Author: Ben Pfaff <blp at ovn.org>
  Date:   2018-07-05 (Thu, 05 Jul 2018)

  Changed paths:
    M lib/ofp-actions.c

  Log Message:
  -----------
  ofp-actions: Avoid buffer overread in BUNDLE action decoding.

Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9052
Signed-off-by: Ben Pfaff <blp at ovn.org>
Acked-by: Justin Pettit <jpettit at ovn.org>


  Commit: bc759a2c226487c63ed46d881eaf46c77c98b9af
      https://github.com/openvswitch/ovs/commit/bc759a2c226487c63ed46d881eaf46c77c98b9af
  Author: Ben Pfaff <blp at ovn.org>
  Date:   2018-07-05 (Thu, 05 Jul 2018)

  Changed paths:
    M lib/ofp-actions.c

  Log Message:
  -----------
  ofp-actions: Fix buffer overread in decode_LEARN_specs().

The length check was wrong for immediate arguments to "learn" actions.

Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9047
Signed-off-by: Ben Pfaff <blp at ovn.org>
Acked-by: Justin Pettit <jpettit at ovn.org>


  Commit: f1a57715f9893b9a64f71eb8dfb32bfe51625798
      https://github.com/openvswitch/ovs/commit/f1a57715f9893b9a64f71eb8dfb32bfe51625798
  Author: Ben Pfaff <blp at ovn.org>
  Date:   2018-07-05 (Thu, 05 Jul 2018)

  Changed paths:
    M lib/json.c
    M tests/json.at

  Log Message:
  -----------
  json: Avoid signed integer overflow in parsing exponents.

This can't cause a crash and doesn't seem relevant to normal operation.

Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9044
Signed-off-by: Ben Pfaff <blp at ovn.org>
Acked-by: Justin Pettit <jpettit at ovn.org>


  Commit: 1ab2425cbeaf755868603fa0db03632146725855
      https://github.com/openvswitch/ovs/commit/1ab2425cbeaf755868603fa0db03632146725855
  Author: Ben Pfaff <blp at ovn.org>
  Date:   2018-07-05 (Thu, 05 Jul 2018)

  Changed paths:
    M build-aux/extract-ofp-errors

  Log Message:
  -----------
  extract-ofp-errors: Fix undefined behavior shifting 'int' 16 places left.

Shifting a 16-bit signed int 16 bits is technically undefined behavior.
This fixes the problem.  (In practice this should be harmless in this
case.)

Reported-at; https://oss-fuzz.com/v2/testcase-detail/4730143510626304
Signed-off-by: Ben Pfaff <blp at ovn.org>
Acked-by: Justin Pettit <jpettit at ovn.org>


  Commit: a02f9a62027ceeb4e3403312a704538850c8ab99
      https://github.com/openvswitch/ovs/commit/a02f9a62027ceeb4e3403312a704538850c8ab99
  Author: Ben Pfaff <blp at ovn.org>
  Date:   2018-07-05 (Thu, 05 Jul 2018)

  Changed paths:
    M lib/ofp-actions.c

  Log Message:
  -----------
  ofp-actions: Fix undefined behavior shifting 'int' 16 places left.

Shifting a 16-bit signed int 16 bits is technically undefined behavior.
This fixes the problem.  (In practice this should be harmless in this
case.)

Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9049
Signed-off-by: Ben Pfaff <blp at ovn.org>
Acked-by: Justin Pettit <jpettit at ovn.org>


Compare: https://github.com/openvswitch/ovs/compare/7521e0cf9e88...a02f9a62027c
      **NOTE:** This service been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/

      Functionality will be removed from GitHub.com on January 31st, 2019.


More information about the git mailing list