[hardknott][PATCH] ovs: update to 2.15.3
He Zhe
Drop the following backported patch.
0001-ofp-actions-Fix-use-after-free-while-decoding-RAW_EN.patch Signed-off-by: He Zhe <zhe.he@...> --- ...use-after-free-while-decoding-RAW_EN.patch | 101 ------------------ .../openvswitch/openvswitch_git.bb | 7 +- 2 files changed, 3 insertions(+), 105 deletions(-) delete mode 100644 recipes-networking/openvswitch/files/0001-ofp-actions-Fix-use-after-free-while-decoding-RAW_EN.patch diff --git a/recipes-networking/openvswitch/files/0001-ofp-actions-Fix-use-after-free-while-decoding-RAW_EN.patch b/recipes-networking/openvswitch/files/0001-ofp-actions-Fix-use-after-free-while-decoding-RAW_EN.patch deleted file mode 100644 index c88c097d..00000000 --- a/recipes-networking/openvswitch/files/0001-ofp-actions-Fix-use-after-free-while-decoding-RAW_EN.patch +++ /dev/null 
@@ -1,101 +0,0 @@ -From 802a31a7070cea910b95d7e926c9da30a1f9e54f Mon Sep 17 00:00:00 2001 -From: Ilya Maximets <i.maximets@...> -Date: Tue, 16 Feb 2021 23:27:30 +0100 -Subject: [PATCH] ofp-actions: Fix use-after-free while decoding RAW_ENCAP. - -While decoding RAW_ENCAP action, decode_ed_prop() might re-allocate -ofpbuf if there is no enough space left. However, function -'decode_NXAST_RAW_ENCAP' continues to use old pointer to 'encap' -structure leading to write-after-free and incorrect decoding. - - ==3549105==ERROR: AddressSanitizer: heap-use-after-free on address - 0x60600000011a at pc 0x0000005f6cc6 bp 0x7ffc3a2d4410 sp 0x7ffc3a2d4408 - WRITE of size 2 at 0x60600000011a thread T0 - #0 0x5f6cc5 in decode_NXAST_RAW_ENCAP lib/ofp-actions.c:4461:20 - #1 0x5f0551 in ofpact_decode ./lib/ofp-actions.inc2:4777:16 - #2 0x5ed17c in ofpacts_decode lib/ofp-actions.c:7752:21 - #3 0x5eba9a in ofpacts_pull_openflow_actions__ lib/ofp-actions.c:7791:13 - #4 0x5eb9fc in ofpacts_pull_openflow_actions lib/ofp-actions.c:7835:12 - #5 0x64bb8b in ofputil_decode_packet_out lib/ofp-packet.c:1113:17 - #6 0x65b6f4 in ofp_print_packet_out lib/ofp-print.c:148:13 - #7 0x659e3f in ofp_to_string__ lib/ofp-print.c:1029:16 - #8 0x659b24 in ofp_to_string lib/ofp-print.c:1244:21 - #9 0x65a28c in ofp_print lib/ofp-print.c:1288:28 - #10 0x540d11 in ofctl_ofp_parse utilities/ovs-ofctl.c:2814:9 - #11 0x564228 in ovs_cmdl_run_command__ lib/command-line.c:247:17 - #12 0x56408a in ovs_cmdl_run_command lib/command-line.c:278:5 - #13 0x5391ae in main utilities/ovs-ofctl.c:179:9 - #14 0x7f6911ce9081 in __libc_start_main (/lib64/libc.so.6+0x27081) - #15 0x461fed in _start (utilities/ovs-ofctl+0x461fed) - -Fix that by getting a new pointer before using. - -Credit to OSS-Fuzz. - -Fuzzer regression test will fail only with AddressSanitizer enabled. 
- -Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27851 -Fixes: f839892a206a ("OF support and translation of generic encap and decap") -Acked-by: William Tu <u9012063@...> -Signed-off-by: Ilya Maximets <i.maximets@...> - -Upstream-Status: Backport -CVE: CVE-2021-36980 -Signed-off-by: Yanfei Xu <yanfei.xu@...> ---- - lib/ofp-actions.c | 2 ++ - tests/automake.mk | 3 ++- - tests/fuzz-regression-list.at | 1 + - tests/fuzz-regression/ofp_print_fuzzer-6540965472632832 | 0 - 4 files changed, 5 insertions(+), 1 deletion(-) - create mode 100644 tests/fuzz-regression/ofp_print_fuzzer-6540965472632832 - -diff --git a/lib/ofp-actions.c b/lib/ofp-actions.c -index e2e829772..0342a228b 100644 ---- a/lib/ofp-actions.c -+++ b/lib/ofp-actions.c -@@ -4431,6 +4431,7 @@ decode_NXAST_RAW_ENCAP(const struct nx_action_encap *nae, - { - struct ofpact_encap *encap; - const struct ofp_ed_prop_header *ofp_prop; -+ const size_t encap_ofs = out->size; - size_t props_len; - uint16_t n_props = 0; - int err; -@@ -4458,6 +4459,7 @@ decode_NXAST_RAW_ENCAP(const struct nx_action_encap *nae, - } - n_props++; - } -+ encap = ofpbuf_at_assert(out, encap_ofs, sizeof *encap); - encap->n_props = n_props; - out->header = &encap->ofpact; - ofpact_finish_ENCAP(out, &encap); -diff --git a/tests/automake.mk b/tests/automake.mk -index 677b99a6b..fc80e027d 100644 ---- a/tests/automake.mk -+++ b/tests/automake.mk -@@ -134,7 +134,8 @@ FUZZ_REGRESSION_TESTS = \ - tests/fuzz-regression/ofp_print_fuzzer-5722747668791296 \ - tests/fuzz-regression/ofp_print_fuzzer-6285128790704128 \ - tests/fuzz-regression/ofp_print_fuzzer-6470117922701312 \ -- tests/fuzz-regression/ofp_print_fuzzer-6502620041576448 -+ tests/fuzz-regression/ofp_print_fuzzer-6502620041576448 \ -+ tests/fuzz-regression/ofp_print_fuzzer-6540965472632832 - $(srcdir)/tests/fuzz-regression-list.at: tests/automake.mk - $(AM_V_GEN)for name in $(FUZZ_REGRESSION_TESTS); do \ - basename=`echo $$name | sed 's,^.*/,,'`; \ -diff --git 
a/tests/fuzz-regression-list.at b/tests/fuzz-regression-list.at -index e3173fb88..2347c690e 100644 ---- a/tests/fuzz-regression-list.at -+++ b/tests/fuzz-regression-list.at -@@ -21,3 +21,4 @@ TEST_FUZZ_REGRESSION([ofp_print_fuzzer-5722747668791296]) - TEST_FUZZ_REGRESSION([ofp_print_fuzzer-6285128790704128]) - TEST_FUZZ_REGRESSION([ofp_print_fuzzer-6470117922701312]) - TEST_FUZZ_REGRESSION([ofp_print_fuzzer-6502620041576448]) -+TEST_FUZZ_REGRESSION([ofp_print_fuzzer-6540965472632832]) -diff --git a/tests/fuzz-regression/ofp_print_fuzzer-6540965472632832 b/tests/fuzz-regression/ofp_print_fuzzer-6540965472632832 -new file mode 100644 -index 000000000..e69de29bb --- -2.27.0 - diff --git a/recipes-networking/openvswitch/openvswitch_git.bb b/recipes-networking/openvswitch/openvswitch_git.bb index d7f8e4b0..a66c9677 100644 --- a/recipes-networking/openvswitch/openvswitch_git.bb +++ b/recipes-networking/openvswitch/openvswitch_git.bb @@ -14,12 +14,12 @@ RDEPENDS_${PN}-ptest += "\ " S = "${WORKDIR}/git" -PV = "2.15+${SRCPV}" -CVE_VERSION = "2.13.0" +PV = "2.15.3+${SRCPV}" +CVE_VERSION = "2.15.3" FILESEXTRAPATHS_append := "${THISDIR}/${PN}-git:" -SRCREV = "8dc1733eaea866dce033b3c44853e1b09bf59fc7" +SRCREV = "e4d2df62e65a615e19f62e2fd294709be8d75cdc" SRC_URI += "git://github.com/openvswitch/ovs.git;protocol=git;branch=branch-2.15 \ file://openvswitch-add-ptest-71d553b995d0bd527d3ab1e9fbaf5a2ae34de2f3.patch \ file://run-ptest \ @@ -28,7 +28,6 @@ SRC_URI += "git://github.com/openvswitch/ovs.git;protocol=git;branch=branch-2.15 file://systemd-update-tool-paths.patch \ file://systemd-create-runtime-dirs.patch \ file://0001-ovs-use-run-instead-of-var-run-for-in-systemd-units.patch \ - file://0001-ofp-actions-Fix-use-after-free-while-decoding-RAW_EN.patch \ " LIC_FILES_CHKSUM = "file://LICENSE;md5=1ce5d23a6429dff345518758f13aaeab" -- 2.17.1 |
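Review bot: In the openvswitch_git.bb hunk at `@@ -14,12 +14,12 @@`, CVE_VERSION jumps from "2.13.0" to "2.15.3" while PV only moves from "2.15+${SRCPV}" to "2.15.3+${SRCPV}", and the commit message does not mention it. The old value was already older than the packaged 2.15 branch, so any CVE check keyed on CVE_VERSION will report differently after this change. Please note in the commit message that CVE_VERSION is being corrected deliberately, and confirm that SRCREV e4d2df62e65a615e19f62e2fd294709be8d75cdc is the 2.15.3 release point on branch-2.15.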
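Review bot: The SRC_URI hunk at `@@ -28,7 +28,6 @@` drops 0001-ofp-actions-Fix-use-after-free-while-decoding-RAW_EN.patch, which carried the `CVE: CVE-2021-36980` tag, but the commit message gives no reason beyond "Drop the following backported patch". Please state that the new SRCREV already contains upstream commit 802a31a7070cea910b95d7e926c9da30a1f9e54f, that is, the `encap = ofpbuf_at_assert(out, encap_ofs, sizeof *encap);` re-fetch in decode_NXAST_RAW_ENCAP. Then a reader can tell the use-after-free fix is still present and was not lost with the file.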