mir/ovs
2
0
Fork 0
mirror of https://github.com/openvswitch/ovs synced 2025-08-31 14:25:26 +00:00
Code Issues Releases Wiki Activity

ofp-actions: Properly check for action that exceeds buffer length.

Browse Source 
Commit c2d936a44f (ofp-actions: Centralize all OpenFlow action code for
maintainability.) rewrote OpenFlow action parsing but failed to check that
actions don't overflow their buffers.  This commit fixes the problem and
adds negative tests so that this bug doesn't recur.

Reported-by: Tomer Pearl <Tomer.Pearl@Contextream.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>
This commit is contained in:
Ben Pfaff
2014-10-23 14:34:04 -07:00
parent 09cac43f74
commit b153b99032
2 changed files with 21 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/ofp-actions.c
View File

@@ -6406,6 +6406,11 @@ ofpact_pull_raw(struct ofpbuf *buf, enum ofp_version ofp_version,
}
length = ntohs(oah->len);
if (length > ofpbuf_size(buf)) {
VLOG_WARN_RL(&rl, "OpenFlow action %s length %u exceeds action buffer "
"length %"PRIu32, action->name, length, ofpbuf_size(buf));
return OFPERR_OFPBAC_BAD_LEN;
}
if (length < action->min_length || length > action->max_length) {
VLOG_WARN_RL(&rl, "OpenFlow action %s length %u not in valid range "
"[%hu,%hu]", action->name, length,