diff options
author | Andrew Yourtchenko <ayourtch@gmail.com> | 2021-03-25 14:13:47 +0000 |
---|---|---|
committer | Matthew Smith <mgsmith@netgate.com> | 2021-03-25 21:14:09 +0000 |
commit | 22af286a2976339b25e11c23ac273e1781138fb7 (patch) | |
tree | 683bd1e05aa36e874a49bfff8f1c869adddf1154 /src/vnet/plugin | |
parent | abd8b36d19408403a40d24aa411686d52011a844 (diff) |
acl: fix the integer overflow bug in API message length validation logic
Sending the bogus acl_add_replace message with count=~0 will result in
an overflow of "expected_len" field which is a u32, thus the message
will pass the validation when it should not.
Solution - make the expected_len a u64 to avoid overflow.
The bug was found while experimenting with libfuzzer as part of
https://gerrit.fd.io/r/c/vpp/+/31763
Type: fix
Change-Id: I4a866d48f2418148236f1b1d77c487b869c7c43d
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Diffstat (limited to 'src/vnet/plugin')
0 files changed, 0 insertions, 0 deletions