ofp-group: Don't assert-fail decoding bad OF1.5 group mod type or command.

When decoding a group mod, the current code validates the group type and
command after the whole group mod has been decoded.  The OF1.5 decoder,
however, tries to use the type and command earlier, when it might still be
invalid.  This caused an assertion failure (via OVS_NOT_REACHED).  This
commit fixes the problem.

ovs-vswitchd does not enable support for OpenFlow 1.5 by default.

Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9249
Signed-off-by: Ben Pfaff <blp@ovn.org>
Reviewed-by: Yifeng Sun <pkusunyifeng@gmail.com>
blp committed Jul 7, 2018
1 parent 0e1367a commit 4af6da3
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions lib/ofp-util.c
Expand Up @@ -8941,7 +8941,7 @@ parse_group_prop_ntr_selection_method(struct ofpbuf *payload,
"only allowed for select groups");
return OFPERR_OFPBPC_BAD_VALUE;
default:
OVS_NOT_REACHED();
return OFPERR_OFPGMFC_BAD_TYPE;
}

switch (group_cmd) {
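
Review bot: The `default:` arm that now returns OFPERR_OFPGMFC_BAD_TYPE carries no comment explaining why it is reachable. The commit message says the group type is only validated after the whole group mod has been decoded, so this function can be handed an invalid type; a one-line comment on the arm saying so would keep a later cleanup from restoring OVS_NOT_REACHED() here. The arm also returns without a message, unlike the case above it that reports "only allowed for select groups", so consider whether the caller's later validation is the only place this error gets logged.
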
Expand All @@ -8956,7 +8956,7 @@ parse_group_prop_ntr_selection_method(struct ofpbuf *payload,
"only allowed for add and delete group modifications");
return OFPERR_OFPBPC_BAD_VALUE;
default:
OVS_NOT_REACHED();
return OFPERR_OFPGMFC_BAD_COMMAND;
}

if (payload->size < sizeof *prop) {
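
Review bot: The `default:` arm of `switch (group_cmd)` now returns OFPERR_OFPGMFC_BAD_COMMAND, but the commit changes only lib/ofp-util.c and adds no regression test. Since this path was found by fuzzing and previously aborted the process, a test that decodes an OF1.5 group mod with an invalid command, and another with an invalid type, and expects these two error codes would pin the fixed behaviour. The same comment as on the type switch applies here: note on the arm that the command has not been validated yet at this point in decoding.
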

1 comment on commit 4af6da3

@abergmann

I've contacted MITRE and they have assigned CVE-2018-17204 to this issue.