diff options
| author | Yifeng Sun <pkusunyifeng@gmail.com> | 2019-02-01 15:56:04 -0800 |
|---|---|---|
| committer | Ben Pfaff <blp@ovn.org> | 2019-02-04 12:45:05 -0800 |
| commit | b8eb5b2c87d8b1b9699e9d3c1685112c802be503 (patch) | |
| tree | 4ed4a5e87007ed15df84c8418bd39b91217024c2 | |
| parent | 12eaec7ac9007d1a43214e5c528868f7e994fb93 (diff) | |
| download | openvswitch-branch-2.3.tar.gz | |
odp-util: Stop parse odp actions if nlattr is overflowbranch-2.3
`encap = nl_msg_start_nested(key, OVS_KEY_ATTR_ENCAP)` ensures that
key->size >= (encap + NLA_HDRLEN), so the `if` statement is safe.
Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11306
Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
| -rw-r--r-- | lib/odp-util.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/odp-util.c b/lib/odp-util.c index 3ef13b497..d137e6d78 100644 --- a/lib/odp-util.c +++ b/lib/odp-util.c @@ -2410,6 +2410,10 @@ parse_odp_key_mask_attr(const char *s, const struct simap *port_names, if (retval < 0) { return retval; } + + if (nl_attr_oversized(key->size - encap - NLA_HDRLEN)) { + return -E2BIG; + } s += retval; } s++; |