diff options
author | Yifeng Sun <pkusunyifeng@gmail.com> | 2018-10-25 14:41:50 -0700 |
---|---|---|
committer | Ben Pfaff <blp@ovn.org> | 2018-10-26 14:54:38 -0700 |
commit | e612dd2f290a47c53bfcd7a5c0aead66a6fd0119 (patch) | |
tree | a12dfdaf2fa951625598ec949c2b43405f2d1aa3 /include | |
parent | 4e9c96f00614d829347dce7f183c3bedc2b35829 (diff) | |
download | openvswitch-e612dd2f290a47c53bfcd7a5c0aead66a6fd0119.tar.gz |
NSH: Fix NSH-related length macros that cause stack overflow
In the filed of ver_flags_ttl_len of struct nshhdr, there are only 6
bits that are used to indicate header's total length in 4-byte words.
Therefore, the max value for total is 252 (63x4), instead of 256 used
in present code base. This patch fixes it.
Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10855
Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/openvswitch/nsh.h | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/include/openvswitch/nsh.h b/include/openvswitch/nsh.h index 55f59d636..afed932fc 100644 --- a/include/openvswitch/nsh.h +++ b/include/openvswitch/nsh.h @@ -263,10 +263,10 @@ struct nsh_hdr { #define NSH_M_TYPE1_LEN 24 /* NSH header maximum Length. */ -#define NSH_HDR_MAX_LEN 256 +#define NSH_HDR_MAX_LEN 252 /* NSH context headers maximum Length. */ -#define NSH_CTX_HDRS_MAX_LEN 248 +#define NSH_CTX_HDRS_MAX_LEN 244 static inline uint16_t nsh_hdr_len(const struct nsh_hdr *nsh) |