netlink: added check to prevent netlink attribute overflow

If enough large input is passed to odp_actions_from_string it can cause netlink attribute to overflow. Check for buffer size was added to prevent entering this function and returning appropriate error code. Basic manual testing was performed. Reported-by: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12231 Signed-off-by: Toms Atteka <cpp.code.lv@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
openvswitch · Feb 22, 2019 · 4802961 · 4802961
1 parent e8ef351
commit 4802961
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/lib/odp-util.c b/lib/odp-util.c
@@ -2070,6 +2070,10 @@ parse_action_list(const char *s, const struct simap *port_names,
         n += retval;
     }
 
+    if (actions->size > UINT16_MAX) {
+        return -EFBIG;
+    }
+
     return n;
 }