mirror of
https://github.com/openvswitch/ovs
synced 2025-08-29 05:18:13 +00:00
7490f281f0
The OVS LLDP implementation includes support for AutoAttach standard, which
the 'upstream' lldpd project does not include. As part of adding this
support, the message parsing for these TLVs did not include proper length
checks for the LLDP_TLV_AA_ELEMENT_SUBTYPE and the
LLDP_TLV_AA_ISID_VLAN_ASGNS_SUBTYPE elements. The result is that a message
without a proper boundary will cause an overread of memory, and lead to
undefined results, including crashes or other unidentified behavior.
The fix is to introduce proper bounds checking for these elements. Introduce
a unit test to ensure that we have some proper rejection in this code
base in the future.
Fixes: be53a5c447c3 ("auto-attach: Initial support for Auto-Attach standard")
Signed-off-by: Qian Chen <cq674350529@163.com>
Co-authored-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>