summaryrefslogtreecommitdiffstats
path: root/src/svm/message_queue.h
diff options
context:
space:
mode:
authorAndrew Yourtchenko <ayourtch@gmail.com>2021-03-25 14:13:47 +0000
committerMatthew Smith <mgsmith@netgate.com>2021-03-25 21:14:09 +0000
commit22af286a2976339b25e11c23ac273e1781138fb7 (patch)
tree683bd1e05aa36e874a49bfff8f1c869adddf1154 /src/svm/message_queue.h
parentabd8b36d19408403a40d24aa411686d52011a844 (diff)
acl: fix the integer overflow bug in API message length validation logic
Sending the bogus acl_add_replace message with count=~0 will result in an overflow of "expected_len" field which is a u32, thus the message will pass the validation when it should not. Solution - make the expected_len a u64 to avoid overflow. The bug was found while experimenting with libfuzzer as part of https://gerrit.fd.io/r/c/vpp/+/31763 Type: fix Change-Id: I4a866d48f2418148236f1b1d77c487b869c7c43d Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Diffstat (limited to 'src/svm/message_queue.h')
0 files changed, 0 insertions, 0 deletions