The OVS LLDP implementation includes support for AutoAttach standard, which
the 'upstream' lldpd project does not include. As part of adding this
support, the message parsing for these TLVs did not include proper length
checks for the LLDP_TLV_AA_ELEMENT_SUBTYPE and the
LLDP_TLV_AA_ISID_VLAN_ASGNS_SUBTYPE elements. The result is that a message
without a proper boundary will cause an overread of memory, and lead to
undefined results, including crashes or other unidentified behavior.
The fix is to introduce proper bounds checking for these elements. Introduce
a unit test to ensure that we have some proper rejection in this code
base in the future.
Fixes: be53a5c447 ("auto-attach: Initial support for Auto-Attach standard")
Signed-off-by: Qian Chen <cq674350529@163.com>
Co-authored-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
lldp_create() malloc memory for lldp->lldpd->g_hardware. lldp_unref
is supposed to free the memory regardless of hw->h_flags.
Signed-off-by: lic121 <lic121@chinatelecom.cn>
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Acked-by: Paolo Valerio <pvalerio@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Using the SHORT version of the *_SAFE loops makes the code cleaner
and less error-prone. So, use the SHORT version and remove the extra
variable when possible.
In order to be able to use both long and short versions without changing
the name of the macro for all the clients, overload the existing name
and select the appropriate version depending on the number of arguments.
Acked-by: Dumitru Ceara <dceara@redhat.com>
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Adrian Moreno <amorenoz@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
lldpd_alloc_hardware() always returns nonnull.
At the same time, there's no reason that lldpd_alloc_hardware() doesn't
take a const char *, so change that.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Ilya Maximets <i.maximets@ovn.org>
Upstream commit:
commit a8d3c90feca548fc0656d95b5d278713db86ff61
Date: Tue, 17 Nov 2020 09:28:17 -0500
lldp: avoid memory leak from bad packets
A packet that contains multiple instances of certain TLVs will cause
lldpd to continually allocate memory and leak the old memory. As an
example, multiple instances of system name TLV will cause old values
to be dropped by the decoding routine.
Reported-at: https://github.com/openvswitch/ovs/pull/337
Reported-by: Jonas Rudloff <jonas.t.rudloff@gmail.com>
Signed-off-by: Aaron Conole <aconole@redhat.com>
Vulnerability: CVE-2020-27827
Signed-off-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Upstream commit:
commit a8d8006c06d9ac16ebcf33295cbd625c0847ca9b
Author: Vincent Bernat <vincent@bernat.im>
Date: Sun, 4 Oct 2015 01:50:38 +0200
lldp: fix a buffer overflow when handling management address TLV
When a remote device was advertising a too large management address
while still respecting TLV boundaries, lldpd would crash due to a buffer
overflow. However, the buffer being a static one, this buffer overflow
is not exploitable if hardening was not disabled. This bug exists since
version 0.5.6.
Fixes: be53a5c447 ("auto-attach: Initial support for Auto-Attach standard")
Reported-by: Jonas Rudloff <jonas.t.rudloff@gmail.com>
Reported-at: https://github.com/openvswitch/ovs/pull/335
Co-authored-by: Fabrizio D'Angelo <fdangelo@redhat.com>
Signed-off-by: Fabrizio D'Angelo <fdangelo@redhat.com>
Acked-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Upstream commit:
commit 3aeae72b97716fddac290634fad02b952d981f17
Author: Vincent Bernat <vincent@bernat.ch>
Date: Tue, 1 Oct 2019 21:42:42 +0200
lldp: validate a bit more received LLDP frames
Notably, we ensure the order and unicity of Chassis ID, Port ID and
TTL TLV. For Chassis ID and Port ID, we also ensure the maximum size
does not exceed 256.
Fix https://github.com/vincentbernat/lldpd/issues/351
Fixes: be53a5c447 ("auto-attach: Initial support for Auto-Attach standard")
Signed-off-by: Aaron Conole <aconole@redhat.com>
Co-authored-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
The new term is "member".
Most of these changes should not change user-visible behavior. One
place where they do is in "ovs-ofctl dump-flows", which will now output
"members:..." inside "bundle" actions instead of "slaves:...". I don't
expect this to cause real problems in most systems. The old syntax
is still supported on input for backward compatibility.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
lib/lldp/lldpd.c: In function :
lib/lldp/lldpd.c:520:17: warning: output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
strncat(buffer, cfg->g_protocols[i].name,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
strlen(cfg->g_protocols[i].name));
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
lib/lldp/lldpd.c: In function :
lib/lldp/lldpd.c:519:17: warning: specified bound 2 equals source length [-Wstringop-overflow=]
strncat(buffer, ", ", 2);
^~~~~~~~~~~~~~~~~~~~~~~~
Closer inspection shows that buffer is only used to output protocol names
when debug logging is enabled, so restructure the code a bit as well.
Signed-off-by: Aaron Conole <aconole@redhat.com>
Reviewed-by: Yifeng Sun <pkusunyifeng@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
FreeBSD insists that <sys/types.h> be included before <netinet/in.h> and
that <netinet/in.h> be included before <arpa/inet.h>. This adds guards to
the "sparse" headers to yield a warning if this order is violated. This
commit also adjusts the order of many #includes to suit this requirement.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
These macros expand to constants of type struct eth_addr and struct
eth_addr64, respectively, and make it more convenient to initialize or
assign to an Ethernet address object.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Mark Michelson <mmichels@redhat.com>
Shadowing is when a variable with a given name in an inner scope hides a
different variable with the same name in a surrounding scope. This is
generally undesirable because it can confuse programmers. This commit
eliminates most of it.
Found with -Wshadow=local in GCC 7. The repo is not really ready to enable
this option by default because of a few cases that are harder to fix, and
harmless, such as nested use of CMAP_FOR_EACH.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Andy Zhou <azhou@ovn.org>
This attempts to prevent namespace collisions with other list libraries
Signed-off-by: Ben Warren <ben@skyportsystems.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Define struct eth_addr and use it instead of a uint8_t array for all
ethernet addresses in OVS userspace. The struct is always the right
size, and it can be assigned without an explicit memcpy, which makes
code more readable.
"struct eth_addr" is a good type name for this as many utility
functions are already named accordingly.
struct eth_addr can be accessed as bytes as well as ovs_be16's, which
makes the struct 16-bit aligned. All use seems to be 16-bit aligned,
so some algorithms on the ethernet addresses can be made a bit more
efficient making use of this fact.
As the struct fits into a register (in 64-bit systems) we pass it by
value when possible.
This patch also changes the few uses of Linux specific ETH_ALEN to
OVS's own ETH_ADDR_LEN, and removes the OFP_ETH_ALEN, as it is no
longer needed.
This work stemmed from a desire to make all struct flow members
assignable for unrelated exploration purposes. However, I think this
might be a nice code readability improvement by itself.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
This commit fixes a bug where the i-sid/vlan mapping structures associated with
an lldp-enabled port were not being freed during general port cleanup.
Signed-off-by: Dennis Flynn <drflynn@avaya.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
The following enhancements to the auto-attach feature are provided
- Support recent modifications to the AA element discovery TLV
- Support recent Avaya Organizationally Unique ID (OUI) change.
(This will change to IEEE assigned OUI once AA standard has been ratified)
- Remove some Avaya specific #defines
The primary purpose of this commit is to catch up with the latest changes made
to the auto attach TLVs as the Auto Attach feature progresses through the
802.1Q IEEE standards committee. Most notably this includes some minor rework
of the AA element discovery TLV and a recent change to the Avaya OUI value.
Signed-off-by: Dennis Flynn <drflynn@avaya.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Fixes following dp-packet access. Removes netinet/if_ether.h
include due to duplicate definition of ether_addr.
------
In file included from /usr/include/netinet/if_ether.h:60:0,
from lib/lldp/lldpd.h:23,
from lib/ovs-lldp.h:26,
from lib/ovs-lldp.c:30:
/usr/include/net/ethernet.h: At top level:
/usr/include/net/ethernet.h:32:8: error: redefinition of 'struct
ether_addr'
struct ether_addr
^
In file included from
../dpdk/dpdk/x86_64-native-linuxapp-gcc/include/rte_ethdev.h:179:0,
from lib/netdev-dpdk.h:18,
from lib/dp-packet.h:25,
from lib/ovs-lldp.h:23,
from lib/ovs-lldp.c:30:
../dpdk/dpdk/x86_64-native-linuxapp-gcc/include/rte_ether.h:83:8: note:
originally defined here
struct ether_addr {
^
lib/ovs-lldp.c: In function 'lldp_process_packet':
lib/ovs-lldp.c:676:30: error: 'const struct dp_packet' has no member
named 'data_'
(char *) p->data_, p->size_);
^
lib/ovs-lldp.c:676:40: error: 'const struct dp_packet' has no member
named 'size_'
(char *) p->data_, p->size_);
------
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Ben Pfaff <blp@nicira.com>
A list of some type should have type "struct ovs_list", not some other
type that encapsulates it.
This ovs_list is a bit puzzling in itself, because it appears to always
have exactly one element.
Signed-off-by: Ben Pfaff <blp@nicira.com>
The OVS style is to usually avoid parentheses in cases like these where
they just make expressions harder to read.
Signed-off-by: Ben Pfaff <blp@nicira.com>
errno values are positive values, so it's not reasonable to use E2BIG as
an error return with positive values also indicating packet lengths.
Signed-off-by: Ben Pfaff <blp@nicira.com>
This member is typically an Ethernet address so the appropriate type is
uint8_t, not char. This eliminates a couple of casts.
Signed-off-by: Ben Pfaff <blp@nicira.com>
The POKE macros previously used here don't match the style usually used in
OVS and they require the user to know exactly how many bytes to reserve.
This commit replaces them by easier-to-use inline functions that take
advantage of the ofpbuf interface.
Also removes a few PEEK macros that weren't used anywhere.
Signed-off-by: Ben Pfaff <blp@nicira.com>
This commit provides the initial delivery of support for the Auto-Attach
standard to Open vSwitch. This standard describes a compact method of using
IEEE 802.1AB Link Layer Discovery Protocol (LLDP) with a IEEE 802.1aq Shortest
Path Bridging (SPB) network to automatically attach network devices not
supporting IEEE 802.1ah to individual services in a SPB network. Specifically
this commit adds base LLDP support to OVS along with the LLDP extension
required to support Auto-Attach.
The base LLDP code within this commit is adapted from the open source LLDPD
project headed by Vincent Bernat. This base code is augmented with OVS specific
logic which integrates LLDP into OVS and which extends LLDP to support
Auto-Attach. The required build system changes are provided to include this new
Auto-Attach feature.
This is the first of a series of commits. Subsequent commits will be provided
to complete the task of adding Auto-Attach to OVS.
Signed-off-by: Ludovic Beliveau <ludovic.beliveau@windriver.com>
Signed-off-by: Dennis Flynn <drflynn@avaya.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
