ofp-actions: Set an action depth limit to prevent stackoverflow by ofpacts_parse

Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12557
Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

1 files changed, 5 insertions, 0 deletions

diff --git a/lib/ofp-actions.c b/lib/ofp-actions.c
index f76db6c0f..6f1751864 100644
--- a/lib/ofp-actions.c
+++ b/lib/ofp-actions.c
@@ -9062,11 +9062,16 @@ static char * OVS_WARN_UNUSED_RESULT
 ofpacts_parse(char *str, const struct ofpact_parse_params *pp,
               bool allow_instructions, enum ofpact_type outer_action)
 {
+    if (pp->depth >= MAX_OFPACT_PARSE_DEPTH) {
+        return xstrdup("Action nested too deeply");
+    }
+    CONST_CAST(struct ofpact_parse_params *, pp)->depth++;
     uint32_t orig_size = pp->ofpacts->size;
     char *error = ofpacts_parse__(str, pp, allow_instructions, outer_action);
     if (error) {
         pp->ofpacts->size = orig_size;
     }
+    CONST_CAST(struct ofpact_parse_params *, pp)->depth--;
     return error;
 }