odp-util: Validate values of vid and pcp in push_vlan action

Oss-fuzz complains that 'vid << VLAN_VID_SHIFT' is causing an error of "Undefined-shift in parse_odp_action". This is because an invalid value of vid is passed in push_vlan. This patch adds validation to the value of vid, in addition to the value of pcp. Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11520 Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
author: Yifeng Sun <pkusunyifeng@gmail.com> 2018-11-27 16:10:12 -0800
committer: Ben Pfaff <blp@ovn.org> 2018-12-03 13:54:27 -0800
commit: 1a47405b65ea5bcb2a0c48d3148693d86afb2e3c (patch)
tree: 8dda689d732bef14fc192594c4701eaf377fe897 /lib
parent: 2df300c5c880ebcac60a2fa2947d727475305cc4 (diff)
download: openvswitch-1a47405b65ea5bcb2a0c48d3148693d86afb2e3c.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/odp-util.c b/lib/odp-util.c
index bb6669b37..1e8c5f194 100644
--- a/lib/odp-util.c
+++ b/lib/odp-util.c
@@ -2282,6 +2282,10 @@ parse_odp_action(const char *s, const struct simap *port_names,
                         &tpid, &vid, &pcp, &n)
             || ovs_scan(s, "push_vlan(tpid=%i,vid=%i,pcp=%i,cfi=%i)%n",
                         &tpid, &vid, &pcp, &cfi, &n)) {
+            if ((vid & ~(VLAN_VID_MASK >> VLAN_VID_SHIFT)) != 0
+                || (pcp & ~(VLAN_PCP_MASK >> VLAN_PCP_SHIFT)) != 0) {
+                return -EINVAL;
+            }
             push.vlan_tpid = htons(tpid);
             push.vlan_tci = htons((vid << VLAN_VID_SHIFT)
                                   | (pcp << VLAN_PCP_SHIFT)
author	Yifeng Sun <pkusunyifeng@gmail.com>	2018-11-27 16:10:12 -0800
committer	Ben Pfaff <blp@ovn.org>	2018-12-03 13:54:27 -0800
commit	1a47405b65ea5bcb2a0c48d3148693d86afb2e3c (patch)
tree	8dda689d732bef14fc192594c4701eaf377fe897 /lib
parent	2df300c5c880ebcac60a2fa2947d727475305cc4 (diff)
download	openvswitch-1a47405b65ea5bcb2a0c48d3148693d86afb2e3c.tar.gz