lib: added check to prevent int overflow

If enough large input is given ofpact_finish will fail. Implemented ofpbuf_oversized function to check for oversized buffer. Checks were added for parse functions and error messages returned. Basic manual testing performed. Reviewed-by: Yifeng Sun <pkusunyifeng@gmail.com> Reported-by: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12972 Signed-off-by: Toms Atteka <cpp.code.lv@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
2025-08-30 22:05:19 +00:00 · 2019-03-20 13:40:19 -07:00
parent 723b6ab2df
commit 8e738337a2
4 changed files with 45 additions and 0 deletions
--- a/lib/learn.c
+++ b/lib/learn.c
@@ -455,6 +455,11 @@ learn_parse__(char *orig, char *arg, const struct ofputil_port_map *port_map,
            learn = ofpacts->header;
        }
    }
+
+    if (ofpbuf_oversized(ofpacts)) {
+        return xasprintf("input too big");
+    }
+
    ofpact_finish_LEARN(ofpacts, &learn);

    return NULL;