odp-util: Stop parse odp actions if nlattr is overflowbranch-2.2

`encap = nl_msg_start_nested(key, OVS_KEY_ATTR_ENCAP)` ensures that key->size >= (encap + NLA_HDRLEN), so the `if` statement is safe. Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11306 Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
author: Yifeng Sun <pkusunyifeng@gmail.com> 2019-02-01 15:56:04 -0800
committer: Ben Pfaff <blp@ovn.org> 2019-02-04 12:45:11 -0800
commit: 9f385899a000cf7776fbadb4fc6b21c2023c0761 (patch)
tree: dab11c19827cf1de4d9d98fcae75205848797f33
parent: 35f095fbdc183e13419a318b0fe17b332d3c68ab (diff)
download: openvswitch-9f385899a000cf7776fbadb4fc6b21c2023c0761.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/odp-util.c b/lib/odp-util.c
index 155c754a5..90acc54ff 100644
--- a/lib/odp-util.c
+++ b/lib/odp-util.c
@@ -2410,6 +2410,10 @@ parse_odp_key_mask_attr(const char *s, const struct simap *port_names,
             if (retval < 0) {
                 return retval;
             }
+
+            if (nl_attr_oversized(key->size - encap - NLA_HDRLEN)) {
+                return -E2BIG;
+            }
             s += retval;
         }
         s++;
author	Yifeng Sun <pkusunyifeng@gmail.com>	2019-02-01 15:56:04 -0800
committer	Ben Pfaff <blp@ovn.org>	2019-02-04 12:45:11 -0800
commit	9f385899a000cf7776fbadb4fc6b21c2023c0761 (patch)
tree	dab11c19827cf1de4d9d98fcae75205848797f33
parent	35f095fbdc183e13419a318b0fe17b332d3c68ab (diff)
download	openvswitch-9f385899a000cf7776fbadb4fc6b21c2023c0761.tar.gz