Updated to 2.15.0

f38
Timothy Redaelli 4 years ago
parent d182a88ae2
commit 74024c5b4e

1
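--- a/.gitignore
+++ b/.gitignore
@@ -39,3 +39,4 @@
 /openvswitch-2.12.0.tar.gz
 /openvswitch-2.13.0.tar.gz
 /openvswitch-2.14.0.tar.gz
+/openvswitch-2.15.0.tar.gz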

@ -1,132 +0,0 @@
From d0e86f3353677fd9432608c7189928467767a109 Mon Sep 17 00:00:00 2001
From: Vincent Bernat <vincent@bernat.ch>
Date: Thu, 12 Nov 2020 19:54:50 -0500
Subject: [PATCH 1/5] lldp: validate a bit more received LLDP frames
Upstream commit:
commit 3aeae72b97716fddac290634fad02b952d981f17
Author: Vincent Bernat <vincent@bernat.ch>
Date: Tue, 1 Oct 2019 21:42:42 +0200
lldp: validate a bit more received LLDP frames
Notably, we ensure the order and unicity of Chassis ID, Port ID and
TTL TLV. For Chassis ID and Port ID, we also ensure the maximum size
does not exceed 256.
Fix https://github.com/vincentbernat/lldpd/issues/351
Fixes: be53a5c447c3 ("auto-attach: Initial support for Auto-Attach standard")
Signed-off-by: Aaron Conole <aconole@redhat.com>
Co-authored-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
---
lib/lldp/lldp.c | 53 +++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 51 insertions(+), 2 deletions(-)
diff --git a/lib/lldp/lldp.c b/lib/lldp/lldp.c
index 74f747fcd..e61ce6774 100644
--- a/lib/lldp/lldp.c
+++ b/lib/lldp/lldp.c
@@ -341,6 +341,12 @@ lldp_send(struct lldpd *global OVS_UNUSED,
return dp_packet_size(p);
}
+#define CHECK_TLV_MAX_SIZE(x, name) \
+ do { if (tlv_size > (x)) { \
+ VLOG_WARN(name " TLV too large received on %s", \
+ hardware->h_ifname); \
+ goto malformed; \
+ } } while (0)
int
lldp_decode(struct lldpd *cfg OVS_UNUSED, char *frame, int s,
@@ -359,7 +365,7 @@ lldp_decode(struct lldpd *cfg OVS_UNUSED, char *frame, int s,
int length, af;
bool gotend = false;
bool ttl_received = false;
- int tlv_size, tlv_type, tlv_subtype;
+ int tlv_size, tlv_type, tlv_subtype, tlv_count = 0;
u_int8_t *pos, *tlv;
void *b;
struct lldpd_aa_isid_vlan_maps_tlv *isid_vlan_map = NULL;
@@ -411,6 +417,31 @@ lldp_decode(struct lldpd *cfg OVS_UNUSED, char *frame, int s,
hardware->h_ifname);
goto malformed;
}
+ /* Check order for mandatory TLVs */
+ tlv_count++;
+ switch (tlv_type) {
+ case LLDP_TLV_CHASSIS_ID:
+ if (tlv_count != 1) {
+ VLOG_WARN("first TLV should be a chassis ID on %s, not %d",
+ hardware->h_ifname, tlv_type);
+ goto malformed;
+ }
+ break;
+ case LLDP_TLV_PORT_ID:
+ if (tlv_count != 2) {
+ VLOG_WARN("second TLV should be a port ID on %s, not %d",
+ hardware->h_ifname, tlv_type);
+ goto malformed;
+ }
+ break;
+ case LLDP_TLV_TTL:
+ if (tlv_count != 3) {
+ VLOG_WARN("third TLV should be a TTL on %s, not %d",
+ hardware->h_ifname, tlv_type);
+ goto malformed;
+ }
+ break;
+ }
switch (tlv_type) {
case LLDP_TLV_END:
@@ -428,7 +459,8 @@ lldp_decode(struct lldpd *cfg OVS_UNUSED, char *frame, int s,
case LLDP_TLV_CHASSIS_ID:
case LLDP_TLV_PORT_ID:
- CHECK_TLV_SIZE(2, "Port Id");
+ CHECK_TLV_SIZE(2, "Port/Chassis Id");
+ CHECK_TLV_MAX_SIZE(256, "Port/Chassis Id");
tlv_subtype = PEEK_UINT8;
if (tlv_subtype == 0 || tlv_subtype > 7) {
VLOG_WARN("unknown subtype for tlv id received on %s",
@@ -438,10 +470,22 @@ lldp_decode(struct lldpd *cfg OVS_UNUSED, char *frame, int s,
b = xzalloc(tlv_size - 1);
PEEK_BYTES(b, tlv_size - 1);
if (tlv_type == LLDP_TLV_PORT_ID) {
+ if (port->p_id != NULL) {
+ VLOG_WARN("Port ID TLV received twice on %s",
+ hardware->h_ifname);
+ free(b);
+ goto malformed;
+ }
port->p_id_subtype = tlv_subtype;
port->p_id = b;
port->p_id_len = tlv_size - 1;
} else {
+ if (chassis->c_id != NULL) {
+ VLOG_WARN("Chassis ID TLV received twice on %s",
+ hardware->h_ifname);
+ free(b);
+ goto malformed;
+ }
chassis->c_id_subtype = tlv_subtype;
chassis->c_id = b;
chassis->c_id_len = tlv_size - 1;
@@ -449,6 +493,11 @@ lldp_decode(struct lldpd *cfg OVS_UNUSED, char *frame, int s,
break;
case LLDP_TLV_TTL:
+ if (ttl_received) {
+ VLOG_WARN("TTL TLV received twice on %s",
+ hardware->h_ifname);
+ goto malformed;
+ }
CHECK_TLV_SIZE(2, "TTL");
chassis->c_ttl = PEEK_UINT16;
ttl_received = true;
--
2.28.0

@ -1,40 +0,0 @@
From 800ce88f52c68e9754d9d9085daf47cf90bb10cf Mon Sep 17 00:00:00 2001
From: Jonas Johansson <jonasj76@gmail.com>
Date: Thu, 12 Nov 2020 19:54:51 -0500
Subject: [PATCH 2/5] lldp: Fix size of PEEK_DISCARD_UINT32()
Upstream commit:
commit a8d8006c06d9ac16ebcf33295cbd625c0847ca9b
Author: Jonas Johansson <jonasj76@gmail.com>
Date: Thu, 21 Apr 2016 11:50:06 +0200
Fix size of PEEK_DISCARD_UINT32()
Signed-off-by: Jonas Johansson <jonasj76@gmail.com>
Fixes: be53a5c447c3 ("auto-attach: Initial support for Auto-Attach standard")
Reported-by: Jonas Rudloff <jonas.t.rudloff@gmail.com>
Reported-at: https://github.com/openvswitch/ovs/pull/336
Signed-off-by: Fabrizio D'Angelo <fdangelo@redhat.com>
Acked-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
---
lib/lldp/lldp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/lldp/lldp.c b/lib/lldp/lldp.c
index e61ce6774..593c5e1c3 100644
--- a/lib/lldp/lldp.c
+++ b/lib/lldp/lldp.c
@@ -59,7 +59,7 @@ VLOG_DEFINE_THIS_MODULE(lldp);
} while (0)
#define PEEK_DISCARD_UINT8 PEEK_DISCARD(1)
#define PEEK_DISCARD_UINT16 PEEK_DISCARD(2)
-#define PEEK_DISCARD_UINT32 PEEK_DISCARD(3)
+#define PEEK_DISCARD_UINT32 PEEK_DISCARD(4)
#define PEEK_CMP(value, bytes) \
(length -= (bytes), \
pos += (bytes), \
--
2.28.0

@ -1,58 +0,0 @@
From ec51fc90669e5fe1a2096581296d55b3acda6711 Mon Sep 17 00:00:00 2001
From: Vincent Bernat <vincent@bernat.im>
Date: Thu, 12 Nov 2020 19:54:52 -0500
Subject: [PATCH 3/5] lldp: fix a buffer overflow when handling management
address TLV
Upstream commit:
commit a8d8006c06d9ac16ebcf33295cbd625c0847ca9b
Author: Vincent Bernat <vincent@bernat.im>
Date: Sun, 4 Oct 2015 01:50:38 +0200
lldp: fix a buffer overflow when handling management address TLV
When a remote device was advertising a too large management address
while still respecting TLV boundaries, lldpd would crash due to a buffer
overflow. However, the buffer being a static one, this buffer overflow
is not exploitable if hardening was not disabled. This bug exists since
version 0.5.6.
Fixes: be53a5c447c3 ("auto-attach: Initial support for Auto-Attach standard")
Reported-by: Jonas Rudloff <jonas.t.rudloff@gmail.com>
Reported-at: https://github.com/openvswitch/ovs/pull/335
Co-authored-by: Fabrizio D'Angelo <fdangelo@redhat.com>
Signed-off-by: Fabrizio D'Angelo <fdangelo@redhat.com>
Acked-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
---
lib/lldp/lldp.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/lib/lldp/lldp.c b/lib/lldp/lldp.c
index 593c5e1c3..628d0f863 100644
--- a/lib/lldp/lldp.c
+++ b/lib/lldp/lldp.c
@@ -530,6 +530,11 @@ lldp_decode(struct lldpd *cfg OVS_UNUSED, char *frame, int s,
case LLDP_TLV_MGMT_ADDR:
CHECK_TLV_SIZE(1, "Management address");
addr_str_length = PEEK_UINT8;
+ if (addr_str_length > sizeof(addr_str_buffer)) {
+ VLOG_WARN("too large management address on %s",
+ hardware->h_ifname);
+ goto malformed;
+ }
CHECK_TLV_SIZE(1 + addr_str_length, "Management address");
PEEK_BYTES(addr_str_buffer, addr_str_length);
addr_length = addr_str_length - 1;
@@ -554,7 +559,7 @@ lldp_decode(struct lldpd *cfg OVS_UNUSED, char *frame, int s,
break;
case LLDP_TLV_ORG:
- CHECK_TLV_SIZE(4, "Organisational");
+ CHECK_TLV_SIZE(1 + sizeof orgid, "Organisational");
PEEK_BYTES(orgid, sizeof orgid);
tlv_subtype = PEEK_UINT8;
if (memcmp(dot1, orgid, sizeof orgid) == 0) {
--
2.28.0

@ -1,37 +0,0 @@
From d9140c3fd0bcba05a9e33fc7b1e042b86e31ae37 Mon Sep 17 00:00:00 2001
From: Vincent Bernat <vincent@bernat.ch>
Date: Thu, 12 Nov 2020 19:54:53 -0500
Subject: [PATCH 4/5] lldp: increase statsTLVsUnrecognizedTotal on unknown TLV
Upstream commit:
commit 109bcd423cd560545ec7940d73a50c5584aebb0c
Author: Vincent Bernat <vincent@bernat.ch>
Date: Sat, 6 Apr 2019 21:17:25 +0200
This was done for organization TLVs, but not for other TLVs.
Fix https://github.com/vincentbernat/lldpd/issues/323
Fixes: be53a5c447c3 ("auto-attach: Initial support for Auto-Attach standard")
Signed-off-by: Fabrizio D'Angelo <fdangelo@redhat.com>
Acked-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
---
lib/lldp/lldp.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/lib/lldp/lldp.c b/lib/lldp/lldp.c
index 628d0f863..e5755307f 100644
--- a/lib/lldp/lldp.c
+++ b/lib/lldp/lldp.c
@@ -679,6 +679,7 @@ lldp_decode(struct lldpd *cfg OVS_UNUSED, char *frame, int s,
VLOG_WARN("unknown tlv (%d) received on %s",
tlv_type,
hardware->h_ifname);
+ hardware->h_rx_unrecognized_cnt++;
goto malformed;
}
if (pos > tlv + tlv_size) {
--
2.28.0

@ -1,48 +0,0 @@
From 45fd5e7ea1a63a62b70fdf05de782c31222696ad Mon Sep 17 00:00:00 2001
From: Vincent Bernat <vincent@bernat.im>
Date: Thu, 12 Nov 2020 19:54:54 -0500
Subject: [PATCH 5/5] lldp: correctly increase discarded count
Upstream commit:
commit 32f0deeebc9172c3f5f4a4d02aab32e6904947f6
Date: Sat, 18 Feb 2017 20:11:47 +0100
lldpd: correctly increase discarded count
When a frame cannot be decoded but has been guessed, increase the
discarded count.
Fix https://github.com/vincentbernat/lldpd/issues/223
Fixes: be53a5c447c3 ("auto-attach: Initial support for Auto-Attach standard")
Co-authored-by: Fabrizio D'Angelo <fdangelo@redhat.com>
Signed-off-by: Fabrizio D'Angelo <fdangelo@redhat.com>
Acked-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
---
lib/lldp/lldpd.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/lib/lldp/lldpd.c b/lib/lldp/lldpd.c
index 19e930526..34738535d 100644
--- a/lib/lldp/lldpd.c
+++ b/lib/lldp/lldpd.c
@@ -244,6 +244,7 @@ lldpd_decode(struct lldpd *cfg, char *frame, int s,
if (s < sizeof(struct eth_header) + 4) {
/* Too short, just discard it */
+ hw->h_rx_discarded_cnt++;
return;
}
@@ -284,6 +285,7 @@ lldpd_decode(struct lldpd *cfg, char *frame, int s,
VLOG_DBG("function for %s protocol did not "
"decode this frame",
cfg->g_protocols[i].name);
+ hw->h_rx_discarded_cnt++;
return;
}
chassis->c_protocol = port->p_protocol = cfg->g_protocols[i].mode;
--
2.28.0

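--- a/openvswitch.spec
+++ b/openvswitch.spec
@@ -44,8 +44,8 @@ Epoch: 1
 Name: openvswitch
 Summary: Open vSwitch daemon/database/utilities
 URL: http://www.openvswitch.org/
-Version: 2.14.0
+Version: 2.15.0
-Release: 4%{?commit0:.%{date}git%{shortcommit0}}%{?dist}
+Release: 1%{?commit0:.%{date}git%{shortcommit0}}%{?dist}
 # Nearly all of openvswitch is ASL 2.0. The bugtool is LGPLv2+, and the
 # lib/sflow*.[ch] files are SISSL
@@ -65,13 +65,6 @@ Source: http://openvswitch.org/releases/%{name}-%{version}.tar.gz
 # OVS (including OVN) backports (0 - 300)
-# 1899303 - CVE-2015-8011
-Patch10: 0001-lldp-validate-a-bit-more-received-LLDP-frames.patch
-Patch11: 0002-lldp-Fix-size-of-PEEK_DISCARD_UINT32.patch
-Patch12: 0003-lldp-fix-a-buffer-overflow-when-handling-management-.patch
-Patch13: 0004-lldp-increase-statsTLVsUnrecognizedTotal-on-unknown-.patch
-Patch14: 0005-lldp-correctly-increase-discarded-count.patch
 BuildRequires: gcc gcc-c++ make
 BuildRequires: autoconf automake libtool
 BuildRequires: systemd-units openssl openssl-devel
@@ -102,10 +95,8 @@ BuildRequires: libcap-ng libcap-ng-devel
 BuildRequires: dpdk-devel libpcap-devel numactl-devel
 # Currently DPDK on Extras/AppStream includes the mlx{4,5} glue libraries, so
 # libibverbs is needed to run the tests (make check).
-# Starting from DPDK 18.11 also libmnl{,-devel} are needed
 %if 0%{?rhel}
 BuildRequires: libibverbs >= 15
-BuildRequires: libmnl-devel
 %endif
 %endif
 %endif
@@ -481,6 +472,9 @@ chown -R openvswitch:openvswitch /etc/openvswitch
 %endif
 %changelog
+* Wed Feb 17 2021 Timothy Redaelli <tredaelli@redhat.com> - 2.15.0-1
+- Updated to 2.15.0
 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.14.0-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild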
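Review bot: The second hunk drops Patch10–Patch14, the lldp backports filed under `# 1899303 - CVE-2015-8011`, but the only changelog entry added in the last hunk is `- Updated to 2.15.0`, so nothing in the spec history records whether those fixes ship in the 2.15.0 tarball or were silently lost in the rebase. The deleted patch headers date the OVS commits to 12 Nov 2020, which presumably lands before the 2.15 branch point, but that should be stated rather than assumed: `- Drop lldp backports for CVE-2015-8011 (1899303), included upstream in 2.15.0`. A quick confirmation before merging is to check that lib/lldp/lldp.c in the 2.15.0 tarball defines `CHECK_TLV_MAX_SIZE`, the macro the first dropped patch introduced. The removal of `BuildRequires: libmnl-devel` and its DPDK 18.11 comment in the third hunk likewise deserves a one-line reason so it is not re-added later.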

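--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (openvswitch-2.14.0.tar.gz) = 5fe377f9b2857e238e3d40e4452e8b36c80283230f1d0f4b983324532beba725913da817e545c8d7630762f170bb5b0dfe810fd1b8b559994d5eae828beb8ec1
+SHA512 (openvswitch-2.15.0.tar.gz) = a4e49268d6dd7d9d8fbf2005e8ffe45ede0998d21c98d7018474142656c65c05b14c8a7e4c7d8e0eea36e28d87550826225205e1fa03055d35a8cb048617c832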
