diff options
author | Yifeng Sun <pkusunyifeng@gmail.com> | 2019-02-01 16:44:26 -0800 |
---|---|---|
committer | Ben Pfaff <blp@ovn.org> | 2019-02-04 12:34:14 -0800 |
commit | 1f886f070f7fd0ada801f92b7ba6832d1b3f4314 (patch) | |
tree | c18c4e5c87bbd328401e9b3c389b7b672496bcfc /lib/ofp-actions.c | |
parent | 561ac8382ecc9fcab3676574dad6c420adf9edc3 (diff) | |
download | openvswitch-1f886f070f7fd0ada801f92b7ba6832d1b3f4314.tar.gz |
ofp-actions: Set an action depth limit to prevent stackoverflow by ofpacts_parse
Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12557
Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Diffstat (limited to 'lib/ofp-actions.c')
-rw-r--r-- | lib/ofp-actions.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/ofp-actions.c b/lib/ofp-actions.c index f76db6c0f..6f1751864 100644 --- a/lib/ofp-actions.c +++ b/lib/ofp-actions.c @@ -9062,11 +9062,16 @@ static char * OVS_WARN_UNUSED_RESULT ofpacts_parse(char *str, const struct ofpact_parse_params *pp, bool allow_instructions, enum ofpact_type outer_action) { + if (pp->depth >= MAX_OFPACT_PARSE_DEPTH) { + return xstrdup("Action nested too deeply"); + } + CONST_CAST(struct ofpact_parse_params *, pp)->depth++; uint32_t orig_size = pp->ofpacts->size; char *error = ofpacts_parse__(str, pp, allow_instructions, outer_action); if (error) { pp->ofpacts->size = orig_size; } + CONST_CAST(struct ofpact_parse_params *, pp)->depth--; return error; } |