diff options
| author | Ilya Maximets <i.maximets@ovn.org> | 2022-04-29 19:21:23 +0200 |
|---|---|---|
| committer | Ilya Maximets <i.maximets@ovn.org> | 2022-05-04 18:39:24 +0200 |
| commit | 8c506d3725b6bdba5ee192d15378abbc83f41170 (patch) | |
| tree | f7f2807eb65e64181a5285b7abcbb74325432c6f /tests/fuzz-regression | |
| parent | e8515c8cc082964f7611e6f03300e614b9b8eaca (diff) | |
| download | openvswitch-8c506d3725b6bdba5ee192d15378abbc83f41170.tar.gz | |
ofp-monitor: Fix abort on malformed flow update event.
nx_to_ofp_flow_update_event() aborts the execution if incorrect
event is passed, so checking has to be done before conversion
in order to avoid the crash while decoding malformed flow update
message:
==397030==ERROR: AddressSanitizer: ABRT on unknown address 0x... )
0 0x7fd26688418b in raise
1 0x7fd266863858 in abort
2 0x6a6cbd in nx_to_ofp_flow_update_event lib/ofp-monitor.c:399:9
3 0x6a6cbd in ofputil_decode_flow_update lib/ofp-monitor.c:856:25
4 0x56491d in ofp_print_flow_monitor_reply lib/ofp-print.c:779:22
5 0x55f0a0 in ofp_to_string__ lib/ofp-print.c:1154:16
6 0x55f0a0 in ofp_to_string lib/ofp-print.c:1244:21
7 0x5603a5 in ofp_print lib/ofp-print.c:1288:28
Credit to OSS-Fuzz.
Additionally removed the extra 'reply' word from the error message,
since ofpraw_get_name(raw) already has one.
Fixes: c3e64047d1cc ("ofp-monitor: Support flow monitoring for OpenFlow 1.3, 1.4+.")
Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47112
Acked-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Diffstat (limited to 'tests/fuzz-regression')
| -rw-r--r-- | tests/fuzz-regression/ofp_print_fuzzer-4671928750702592 | bin | 0 -> 32 bytes |
1 files changed, 0 insertions, 0 deletions
diff --git a/tests/fuzz-regression/ofp_print_fuzzer-4671928750702592 b/tests/fuzz-regression/ofp_print_fuzzer-4671928750702592 Binary files differnew file mode 100644 index 000000000..5d53b1247 --- /dev/null +++ b/tests/fuzz-regression/ofp_print_fuzzer-4671928750702592 |