Skip to content

fix bugs when parsing malformed LLDP packets #405

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed

Conversation

cq674350529
Copy link
Contributor

@cq674350529 cq674350529 commented Nov 22, 2022

fix two bugs when parsing malformed LLDP packets:

  • add length check for LLDP_TLV_AA_ELEMENT_SUBTYPE to avoid out-of-bounds read
  • add length check for LLDP_TLV_AA_ISID_VLAN_ASGNS_SUBTYPE to avoid out-of-bounds read/integer underflow

Signed-off-by: Qian Chen <cq674350529@163.com>

@igsilya
Copy link
Member

igsilya commented Nov 25, 2022

Hi. Thanks for the fixes! In order to accept them we need your Signed-off-by tag in the commit message in a following format: Signed-off-by: Firstname Lastname <email@example.org>

Here is what FAQ says about that:

Q: What's a Signed-off-by and how do I provide one?

    A: Free and open source software projects usually require a contributor to
    provide some assurance that they're entitled to contribute the code that
    they provide.  Some projects, for example, do this with a Contributor
    License Agreement (CLA) or a copyright assignment that is signed on paper
    or electronically.

    For this purpose, Open vSwitch has adopted something called the Developer's
    Certificate of Origin (DCO), which is also used by the Linux kernel and
    originated there.  Informally stated, agreeing to the DCO is the
    developer's way of attesting that a particular commit that they are
    contributing is one that they are allowed to contribute.  You should visit
    https://developercertificate.org/ to read the full statement of the DCO,
    which is less than 200 words long.

    To certify compliance with the Developer's Certificate of Origin for a
    particular commit, just add the following line to the end of your commit
    message, properly substituting your name and email address:

        Signed-off-by: Firstname Lastname <email@example.org>

    Git has special support for adding a Signed-off-by line to a commit
    message: when you run "git commit", just add the -s option, as in "git
    commit -s".  If you use the "git citool" GUI for commits, you can add a
    Signed-off-by line to the commit message by pressing Control+S.  Other Git
    user interfaces may provide similar support.

@cq674350529
Copy link
Contributor Author

I added the Signed-off-by tag in the commit message if I did it correctly.

Fixes: be53a5c ("auto-attach: Initial support for Auto-Attach standard")
Signed-off-by: Qian Chen <cq674350529@163.com>
Signed-off-by: Qian Chen <cq674350529@163.com>
@igsilya
Copy link
Member

igsilya commented Dec 23, 2022

Changes were merged as commit 7490f28, so closing this PR. Thanks!

@igsilya igsilya closed this Dec 23, 2022
@cq674350529 cq674350529 deleted the fix/add_length_check branch December 24, 2022 01:37
doanac pushed a commit to lmp-mirrors/meta-virtualization that referenced this pull request Jan 10, 2023
CVE-2022-4337: openvswitch: Out-of-Bounds Read in Organization Specific TLV
CVE-2022-4338: openvswitch: Integer Underflow in Organization Specific TLV

Reference:
openvswitch/ovs#405
openvswitch/ovs@7490f28

Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
doanac pushed a commit to lmp-mirrors/meta-virtualization that referenced this pull request Jan 10, 2023
CVE-2022-4337: openvswitch: Out-of-Bounds Read in Organization Specific TLV
CVE-2022-4338: openvswitch: Integer Underflow in Organization Specific TLV

Reference:
openvswitch/ovs#405
openvswitch/ovs@7490f28

Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
doanac pushed a commit to lmp-mirrors/meta-virtualization that referenced this pull request Jan 10, 2023
CVE-2022-4337: openvswitch: Out-of-Bounds Read in Organization Specific TLV
CVE-2022-4338: openvswitch: Integer Underflow in Organization Specific TLV

Reference:
openvswitch/ovs#405
openvswitch/ovs@7490f28

Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
doanac pushed a commit to lmp-mirrors/meta-virtualization that referenced this pull request Jan 10, 2023
CVE-2022-4337: openvswitch: Out-of-Bounds Read in Organization Specific TLV
CVE-2022-4338: openvswitch: Integer Underflow in Organization Specific TLV

Reference:
openvswitch/ovs#405
openvswitch/ovs@7490f28

Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
jpuhlman pushed a commit to MontaVista-OpenSourceTechnology/meta-virtualization that referenced this pull request Jan 20, 2023
Source: meta-virtualization
MR: 123707
Type: Integration
Disposition: Merged from meta-virtualization
ChangeID: 79c584e
Description:

CVE-2022-4337: openvswitch: Out-of-Bounds Read in Organization Specific TLV
CVE-2022-4338: openvswitch: Integer Underflow in Organization Specific TLV

Reference:
openvswitch/ovs#405
openvswitch/ovs@7490f28

Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
mseaster-wr pushed a commit to WindRiverLinux22/meta-virtualization that referenced this pull request Feb 14, 2023
Issue: LIN1022-2736 LIN1022-2737
(kirkstone rev: 9c584eaaa5e1443a6449cdfddd1913ee6b162a3) -- Backport

Reference to Upstream:
https://git.yoctoproject.org/meta-virtualization/commit/?h=kirkstone&id=79c584eaaa5e1443a6449cdfddd1913ee6b162a3

CVE-2022-4337: openvswitch: Out-of-Bounds Read in Organization Specific TLV
CVE-2022-4338: openvswitch: Integer Underflow in Organization Specific TLV

Reference:
openvswitch/ovs#405
openvswitch/ovs@7490f28

Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants