acl: fix the integer overflow bug in API message length validation logic - vpp

diff options

author	Andrew Yourtchenko <ayourtch@gmail.com>	2021-03-25 14:13:47 +0000
committer	Matthew Smith <mgsmith@netgate.com>	2021-03-25 21:14:09 +0000
commit	22af286a2976339b25e11c23ac273e1781138fb7 (patch)
tree	683bd1e05aa36e874a49bfff8f1c869adddf1154 /src/vnet/session/application_interface.h
parent	abd8b36d19408403a40d24aa411686d52011a844 (diff)

acl: fix the integer overflow bug in API message length validation logic

Sending the bogus acl_add_replace message with count=~0 will result in an overflow of "expected_len" field which is a u32, thus the message will pass the validation when it should not. Solution - make the expected_len a u64 to avoid overflow. The bug was found while experimenting with libfuzzer as part of https://gerrit.fd.io/r/c/vpp/+/31763 Type: fix Change-Id: I4a866d48f2418148236f1b1d77c487b869c7c43d Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>

Diffstat (limited to 'src/vnet/session/application_interface.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: