netlink: added check to prevent netlink attribute overflow

If enough large input is passed to odp_actions_from_string it can cause netlink attribute to overflow. Check for buffer size was added to prevent entering this function and returning appropriate error code. Basic manual testing was performed. Reported-by: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12231 Signed-off-by: Toms Atteka <cpp.code.lv@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
author: Toms Atteka <cpp.code.lv@gmail.com> 2019-02-19 10:55:02 -0800
committer: Ben Pfaff <blp@ovn.org> 2019-02-22 11:19:46 -0800
commit: 692fc656fe530bec68373aa929367c8204bab3e7 (patch)
tree: f26112d00dbaf8f5350d90452c3f1543f1c25788 /lib/odp-util.c
parent: 0af63ac5ec162dc9d23eeb87aa57f0718448cc38 (diff)
download: openvswitch-692fc656fe530bec68373aa929367c8204bab3e7.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/odp-util.c b/lib/odp-util.c
index e893f46a3..e288ae8e5 100644
--- a/lib/odp-util.c
+++ b/lib/odp-util.c
@@ -2161,6 +2161,10 @@ parse_action_list(const char *s, const struct simap *port_names,
         n += retval;
     }
 
+    if (actions->size > UINT16_MAX) {
+        return -EFBIG;
+    }
+
     return n;
 }
author	Toms Atteka <cpp.code.lv@gmail.com>	2019-02-19 10:55:02 -0800
committer	Ben Pfaff <blp@ovn.org>	2019-02-22 11:19:46 -0800
commit	692fc656fe530bec68373aa929367c8204bab3e7 (patch)
tree	f26112d00dbaf8f5350d90452c3f1543f1c25788 /lib/odp-util.c
parent	0af63ac5ec162dc9d23eeb87aa57f0718448cc38 (diff)
download	openvswitch-692fc656fe530bec68373aa929367c8204bab3e7.tar.gz