[ovs-git] [openvswitch/ovs] 0c19d9: pinctrl: Fix DNS packet parsing

Dumitru Ceara noreply at github.com
Wed Aug 21 22:29:28 UTC 2019


  Branch: refs/heads/branch-2.12
  Home:   https://github.com/openvswitch/ovs
  Commit: 0c19d9a1bf9181c165f4839d51e1d76c356d3d5e
      https://github.com/openvswitch/ovs/commit/0c19d9a1bf9181c165f4839d51e1d76c356d3d5e
  Author: Dumitru Ceara <dceara at redhat.com>
  Date:   2019-08-21 (Wed, 21 Aug 2019)

  Changed paths:
    M ovn/controller/pinctrl.c

  Log Message:
  -----------
  pinctrl: Fix DNS packet parsing

Due to the use of a uint8_t to index inside the DNS payload we could end
up in an infinite loop when specific (invalid) DNS packets were
processed by ovn-controller. In the infinite loop we keep increasing the
query_name dynamic string until running out of memory.

One way to replicate the issue is to configure DNS on the logical switch
and then inject a manually crafted DNS-like packet. For example, with
Scapy:

>>> p = IP(dst='10.0.0.2',src='10.0.0.3')/UDP(dport=53)/('a'*364)
>>> send(p)

Also add a sanity check on minimum L4 size of packets.

Cherry-picked from ovn commit - 7fbdeaade826da299c20c05050627ebea65fe8c2.

CC: Numan Siddique <nusiddiq at redhat.com>
Fixes: 16cb4fb8ca49 ("ovn-controller: Add 'dns_lookup' action")
Reported-at: https://bugzilla.redhat.com/1740335
Reported-by: Priscila <pveiga at redhat.com>
Signed-off-by: Dumitru Ceara <dceara at redhat.com>
Signed-off-by: Numan Siddique <nusiddiq at redhat.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>
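
The wrap-around described in the log message, as an added example that is not the ovn-controller code: a simplified label walk with an 8-bit index beside the same walk with a size_t index, run over a constructed buffer shaped like the 364-byte payload above minus the 12-byte DNS header. The function names and the MAX_STEPS guard are assumptions made for this demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_STEPS 100000   /* demo-only guard so the narrow-index walk returns */

/* Label walk with an 8-bit index. Returns the name length, -1 if a label
 * overruns the buffer, -2 if the guard trips (the walk would never end). */
long walk_labels_u8(const uint8_t *data, size_t len)
{
    uint8_t idx = 0;       /* wraps at 256, so idx < len always holds if len > 255 */
    long name_len = 0;
    for (long steps = 0; idx < len && data[idx]; steps++) {
        if (steps == MAX_STEPS) {
            return -2;
        }
        uint8_t label_len = data[idx++];
        if ((size_t) idx + label_len > len) {
            return -1;
        }
        name_len += label_len + 1;   /* label plus '.' separator */
        idx += label_len;            /* truncated modulo 256 */
    }
    return name_len;
}

/* Same walk with an index wide enough for any UDP payload. */
long walk_labels_size(const uint8_t *data, size_t len)
{
    size_t idx = 0;
    long name_len = 0;
    while (idx < len && data[idx]) {
        uint8_t label_len = data[idx++];
        if (idx + label_len > len) {
            return -1;
        }
        name_len += label_len + 1;
        idx += label_len;
    }
    return name_len;
}

/* Constructed input: 364 bytes of 'a' with the 12-byte DNS header removed. */
long demo(int wide)
{
    uint8_t q[364 - 12];
    memset(q, 'a', sizeof q);
    return wide ? walk_labels_size(q, sizeof q) : walk_labels_u8(q, sizeof q);
}
```

On the constructed buffer the 8-bit walk trips the guard (-2), while the size_t walk returns -1 at the fourth label, which overruns the 352-byte buffer.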



