odp-util: Stop key parsing if already oversized.

We don't need to continue parsing if already oversized. This is not very important, but fuzzer times out while parsing very long flow. The check could be written as a single 'if' statement, but I found my variant much more readable. Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35519 Signed-off-by: Ilya Maximets <[email protected]> Acked-by: Ben Pfaff <[email protected]>
dqadri · Jul 7, 2021 · b780911 · b780911
1 parent 3da3cc1
commit b780911
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 0 deletions.
diff --git a/lib/odp-util.c b/lib/odp-util.c
@@ -6077,6 +6077,15 @@ odp_flow_from_string(const char *s, const struct simap *port_names,
         }
 
         retval = parse_odp_key_mask_attr(&context, s, key, mask);
+
+        if (retval >= 0) {
+            if (nl_attr_oversized(key->size - NLA_HDRLEN)) {
+                retval = -E2BIG;
+            } else if (mask && nl_attr_oversized(mask->size - NLA_HDRLEN)) {
+                retval = -E2BIG;
+            }
+        }
+
         if (retval < 0) {
             if (errorp) {
                 *errorp = xasprintf("syntax error at %s", s);

diff --git a/tests/odp.at b/tests/odp.at
@@ -449,6 +449,20 @@ odp_actions_from_string: error
 ])
 AT_CLEANUP
 
+AT_SETUP([OVS datapath keys parsing and formatting - keys too long])
+dnl Flow keys should fit into a single netlink message.
+dnl Empty encap() takes 4 bytes.  So, 16384 is too many, but 16383 still fits.
+dnl We're getting 'duplicate attribute' error since it's not a logically valid
+dnl sequence of keys.  'syntax error' indicates oversized list of keys.
+keys=$(printf 'encap(),%.0s' $(seq 16382))
+echo "${keys}encap()" > keys.txt
+echo "${keys}encap(),encap()" >> keys.txt
+AT_CHECK([ovstest test-odp parse-keys < keys.txt | sed 's/encap(),//g'], [0], [dnl
+odp_flow_key_to_flow: error (duplicate encap attribute in flow key; the flow key in error is: encap())
+odp_flow_from_string: error (syntax error at encap())
+])
+AT_CLEANUP
+
 AT_SETUP([OVS datapath keys parsing and formatting - 33 nested encap ])
 AT_DATA([odp-in.txt], [dnl
 encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap(encap()))))))))))))))))))))))))))))))))