ofp-ed-props: Fix hang for crafted OpenFlow encap/decap properties.

decode_ed_prop() accepted encap/decap properties with a reported length of 0, without consuming any data from the property list, which yielded an infinite loop. Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9918 Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Darrell Ball<dlu998@gmail.com>
author: Ben Pfaff <blp@ovn.org> 2018-08-15 15:03:43 -0700
committer: Ben Pfaff <blp@ovn.org> 2018-08-16 12:56:54 -0700
commit: be5e6d6822e60b5b84ac65dcd1b249145356a809 (patch)
tree: 8cb5d17bb4bb6065a36f13cf51d17713703e3446 /lib
parent: a84b88659e23c1a490264fd2fdf66bd8f59c1e07 (diff)
download: openvswitch-be5e6d6822e60b5b84ac65dcd1b249145356a809.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/ofp-ed-props.c b/lib/ofp-ed-props.c
index 901da2f0d..28382e012 100644
--- a/lib/ofp-ed-props.c
+++ b/lib/ofp-ed-props.c
@@ -35,7 +35,7 @@ decode_ed_prop(const struct ofp_ed_prop_header **ofp_prop,
     size_t len = (*ofp_prop)->len;
     size_t pad_len = ROUND_UP(len, 8);
 
-    if (pad_len > *remaining) {
+    if (len < sizeof **ofp_prop || pad_len > *remaining) {
         return OFPERR_OFPBAC_BAD_LEN;
     }
author	Ben Pfaff <blp@ovn.org>	2018-08-15 15:03:43 -0700
committer	Ben Pfaff <blp@ovn.org>	2018-08-16 12:56:54 -0700
commit	be5e6d6822e60b5b84ac65dcd1b249145356a809 (patch)
tree	8cb5d17bb4bb6065a36f13cf51d17713703e3446 /lib
parent	a84b88659e23c1a490264fd2fdf66bd8f59c1e07 (diff)
download	openvswitch-be5e6d6822e60b5b84ac65dcd1b249145356a809.tar.gz