diff options
author | Toms Atteka <cpp.code.lv@gmail.com> | 2019-02-19 10:55:02 -0800 |
---|---|---|
committer | Ben Pfaff <blp@ovn.org> | 2019-02-22 11:19:46 -0800 |
commit | 692fc656fe530bec68373aa929367c8204bab3e7 (patch) | |
tree | f26112d00dbaf8f5350d90452c3f1543f1c25788 /lib/odp-util.c | |
parent | 0af63ac5ec162dc9d23eeb87aa57f0718448cc38 (diff) | |
download | openvswitch-692fc656fe530bec68373aa929367c8204bab3e7.tar.gz |
netlink: added check to prevent netlink attribute overflow
If enough large input is passed to odp_actions_from_string it can
cause netlink attribute to overflow.
Check for buffer size was added to prevent entering this function
and returning appropriate error code.
Basic manual testing was performed.
Reported-by: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12231
Signed-off-by: Toms Atteka <cpp.code.lv@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Diffstat (limited to 'lib/odp-util.c')
-rw-r--r-- | lib/odp-util.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/odp-util.c b/lib/odp-util.c index e893f46a3..e288ae8e5 100644 --- a/lib/odp-util.c +++ b/lib/odp-util.c @@ -2161,6 +2161,10 @@ parse_action_list(const char *s, const struct simap *port_names, n += retval; } + if (actions->size > UINT16_MAX) { + return -EFBIG; + } + return n; } |