diff options
| author | Ilya Maximets <i.maximets@ovn.org> | 2022-04-29 19:21:23 +0200 |
|---|---|---|
| committer | Ilya Maximets <i.maximets@ovn.org> | 2022-05-04 18:39:24 +0200 |
| commit | 8c506d3725b6bdba5ee192d15378abbc83f41170 (patch) | |
| tree | f7f2807eb65e64181a5285b7abcbb74325432c6f /tests | |
| parent | e8515c8cc082964f7611e6f03300e614b9b8eaca (diff) | |
| download | openvswitch-8c506d3725b6bdba5ee192d15378abbc83f41170.tar.gz | |
ofp-monitor: Fix abort on malformed flow update event.
nx_to_ofp_flow_update_event() aborts the execution if incorrect
event is passed, so checking has to be done before conversion
in order to avoid the crash while decoding malformed flow update
message:
==397030==ERROR: AddressSanitizer: ABRT on unknown address 0x... )
0 0x7fd26688418b in raise
1 0x7fd266863858 in abort
2 0x6a6cbd in nx_to_ofp_flow_update_event lib/ofp-monitor.c:399:9
3 0x6a6cbd in ofputil_decode_flow_update lib/ofp-monitor.c:856:25
4 0x56491d in ofp_print_flow_monitor_reply lib/ofp-print.c:779:22
5 0x55f0a0 in ofp_to_string__ lib/ofp-print.c:1154:16
6 0x55f0a0 in ofp_to_string lib/ofp-print.c:1244:21
7 0x5603a5 in ofp_print lib/ofp-print.c:1288:28
Credit to OSS-Fuzz.
Additionally removed the extra 'reply' word from the error message,
since ofpraw_get_name(raw) already has one.
Fixes: c3e64047d1cc ("ofp-monitor: Support flow monitoring for OpenFlow 1.3, 1.4+.")
Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47112
Acked-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/automake.mk | 1 | ||||
| -rw-r--r-- | tests/fuzz-regression-list.at | 1 | ||||
| -rw-r--r-- | tests/fuzz-regression/ofp_print_fuzzer-4671928750702592 | bin | 0 -> 32 bytes |
3 files changed, 2 insertions, 0 deletions
diff --git a/tests/automake.mk b/tests/automake.mk index 8a9151f81..34ddda6aa 100644 --- a/tests/automake.mk +++ b/tests/automake.mk @@ -117,6 +117,7 @@ FUZZ_REGRESSION_TESTS = \ tests/fuzz-regression/flow_extract_fuzzer-5457710546944000 \ tests/fuzz-regression/json_parser_fuzzer-4790908707930112 \ tests/fuzz-regression/ofp_print_fuzzer-4584019764183040 \ + tests/fuzz-regression/ofp_print_fuzzer-4671928750702592 \ tests/fuzz-regression/ofp_print_fuzzer-4730143510626304 \ tests/fuzz-regression/ofp_print_fuzzer-4854119633256448 \ tests/fuzz-regression/ofp_print_fuzzer-5070973479944192 \ diff --git a/tests/fuzz-regression-list.at b/tests/fuzz-regression-list.at index 2347c690e..247bb667a 100644 --- a/tests/fuzz-regression-list.at +++ b/tests/fuzz-regression-list.at @@ -2,6 +2,7 @@ TEST_FUZZ_REGRESSION([flow_extract_fuzzer-5112775280951296]) TEST_FUZZ_REGRESSION([flow_extract_fuzzer-5457710546944000]) TEST_FUZZ_REGRESSION([json_parser_fuzzer-4790908707930112]) TEST_FUZZ_REGRESSION([ofp_print_fuzzer-4584019764183040]) +TEST_FUZZ_REGRESSION([ofp_print_fuzzer-4671928750702592]) TEST_FUZZ_REGRESSION([ofp_print_fuzzer-4730143510626304]) TEST_FUZZ_REGRESSION([ofp_print_fuzzer-4854119633256448]) TEST_FUZZ_REGRESSION([ofp_print_fuzzer-5070973479944192]) diff --git a/tests/fuzz-regression/ofp_print_fuzzer-4671928750702592 b/tests/fuzz-regression/ofp_print_fuzzer-4671928750702592 Binary files differnew file mode 100644 index 000000000..5d53b1247 --- /dev/null +++ b/tests/fuzz-regression/ofp_print_fuzzer-4671928750702592 |