components/openvswitch/patches/09-CVE-2016-2074.patch
author Chad Mynhier <chad.mynhier@oracle.com>
Wed, 12 Oct 2016 11:24:25 -0700
changeset 7095 6469e6424607
parent 5730 cca4aa297e68
permissions -rw-r--r--
24811276 Fix 64-bit Python builds so pstack(1) will work
5730
cca4aa297e68 22590644 OpenvSwitch should be updated to version 2.3.2
Mark Haywood <Mark.Haywood@Oracle.COM>
This patch fixes CVE-2016-2074.
Multiple versions of Open vSwitch are vulnerable to remote buffer
overflow attacks, in which crafted MPLS packets could overflow the
buffer reserved for MPLS labels in an OVS internal data structure.
The MPLS packets that trigger the vulnerability and the potential for
exploitation vary depending on version:
    - Open vSwitch 2.1.x and earlier are not vulnerable.
    - In Open vSwitch 2.2.x and 2.3.x, the MPLS buffer overflow can be
      exploited for arbitrary remote code execution.
    - In Open vSwitch 2.4.x, the MPLS buffer overflow does not
      obviously lead to a remote code execution exploit, but testing
      shows that it can allow a remote denial of service.  See the
      mitigation section for details.
    - Open vSwitch 2.5.x is not vulnerable.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2016-2074 to this issue.
In OVS 2.3.x, this fix was applied by changeset:
    f4137393ef2fd23a70d987ee9f89454e25db1700
diff --git a/lib/flow.c b/lib/flow.c
index 9018b66..c565032 100644
--- a/lib/flow.c
+++ b/lib/flow.c
@@ -159,7 +159,7 @@ struct mf_ctx {
 
 /* Data at 'valuep' may be unaligned. */
 #define miniflow_push_words_(MF, OFS, VALUEP, N_WORDS)          \
-{                                                               \
+if (N_WORDS) {							\
     int ofs32 = (OFS) / 4;                                      \
                                                                         \
     MINIFLOW_ASSERT(MF.data + (N_WORDS) <= MF.end && (OFS) % 4 == 0     \
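Review bot: On the `+if (N_WORDS) {` line, replacing the macro's braced block with a bare `if` statement makes `miniflow_push_words_` unsafe inside an unbraced `if ... else` at a call site, because a following `else` would bind to the macro's own `if`. Consider keeping the outer braces (or a `do { ... } while (0)` wrapper) and placing the `if (N_WORDS)` test inside them. The argument should also be parenthesized as `(N_WORDS)`, as it is in the `MINIFLOW_ASSERT` line, and the continuation backslash on the added line is padded with tabs where the neighbouring lines use spaces. A one-line comment saying why a zero-word push has to be skipped would help, since the patch description only talks about the MPLS label count.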
@@ -210,7 +210,7 @@ parse_mpls(void **datap, size_t *sizep)
             break;
         }
     }
-    return MAX(count, FLOW_MAX_MPLS_LABELS);
+    return MIN(count, FLOW_MAX_MPLS_LABELS);
 }
 
 static inline ovs_be16
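Review bot: No regression test accompanies the `MAX` to `MIN` change at the `return` of `parse_mpls()`, even though that one token is the whole fix for the overflow described in the patch header. Please add a test that feeds a label stack deeper than `FLOW_MAX_MPLS_LABELS` and checks that the returned count never exceeds it. Because `count` is clamped only at the return, a short comment there stating that the result must never exceed the buffer reserved for MPLS labels would keep the clamp from being inverted again.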