OVS LLDP support is based on a fork of the lldpd daemon code from
2015. Several bug fixes have landed upstream since then. Some
(buffer overflow in management address TLV, TLV ordering/size/
uniqueness validation, duplicate-TLV memory leaks) were already
independently fixed in OVS.
This series backports the four remaining applicable fixes from
upstream lldpd to the OVS fork:
1/4 - Zero-initialize addr_str_buffer to prevent uninitialized
memory reads (OSS-Fuzz, upstream 83f0edd).
2/4 - Reject zero-length management address to prevent unsigned
underflow of addr_length (upstream 1d55036).
3/4 - Fix out-of-order TLV warning messages that logged the wrong
variable and had confusing wording (upstream 8317658).
4/4 - Don't discard the entire LLDPDU when a single TLV has an
unknown type, per IEEE 802.1AB-2005 (upstream 314ca27).
Timothy Redaelli (4):
lldp: Zero-initialize addr_str_buffer in lldp_decode().
lldp: Reject zero-length management address in lldp_decode().
lldp: Fix out-of-order TLV warning messages in lldp_decode().
lldp: Don't discard entire LLDPDU for an unknown TLV type.
lib/lldp/lldp.c | 24 ++++++++++++++----------
1 file changed, 14 insertions(+), 10 deletions(-)
--
2.54.0
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
