From 1f886f070f7fd0ada801f92b7ba6832d1b3f4314 Mon Sep 17 00:00:00 2001
From: Yifeng Sun <pkusunyifeng@gmail.com>
Date: Fri, 1 Feb 2019 16:44:26 -0800
Subject: ofp-actions: Set an action depth limit to prevent stackoverflow by
 ofpacts_parse

Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12557
Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
---
 lib/ofp-actions.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'lib/ofp-actions.c')

diff --git a/lib/ofp-actions.c b/lib/ofp-actions.c
index f76db6c0f..6f1751864 100644
--- a/lib/ofp-actions.c
+++ b/lib/ofp-actions.c
@@ -9062,11 +9062,16 @@ static char * OVS_WARN_UNUSED_RESULT
 ofpacts_parse(char *str, const struct ofpact_parse_params *pp,
               bool allow_instructions, enum ofpact_type outer_action)
 {
+    if (pp->depth >= MAX_OFPACT_PARSE_DEPTH) {
+        return xstrdup("Action nested too deeply");
+    }
+    CONST_CAST(struct ofpact_parse_params *, pp)->depth++;
     uint32_t orig_size = pp->ofpacts->size;
     char *error = ofpacts_parse__(str, pp, allow_instructions, outer_action);
     if (error) {
         pp->ofpacts->size = orig_size;
     }
+    CONST_CAST(struct ofpact_parse_params *, pp)->depth--;
     return error;
 }
 
-- 
cgit v1.2.1