ofagent: Fix a possible crash in arp responder

Be careful for exceptions when feeding packet-in data, which is generated by tenant VMs and thus can not be trusted, to Ryu packet library. Closes-Bug: #1365255 Change-Id: Ia8bacfb55def563a1b23a47709ae72bd4fce0fce
2014-09-04 13:06:21 +09:00 · 2014-09-04 13:06:21 +09:00 · ab786890f2
commit ab786890f2
parent 1f80d73277
2 changed files with 12 additions and 1 deletions
--- a/neutron/plugins/ofagent/agent/arp_lib.py
+++ b/neutron/plugins/ofagent/agent/arp_lib.py
@ -143,7 +143,13 @@ class ArpLib(object):
        ofp = datapath.ofproto
        port = msg.match['in_port']
        metadata = msg.match.get('metadata')
-        pkt = packet.Packet(msg.data)
+        # NOTE(yamamoto): Ryu packet library can raise various exceptions
+        # on a corrupted packet.
+        try:
+            pkt = packet.Packet(msg.data)
+        except Exception as e:
+            LOG.info(_LI("Unparsable packet: got exception %s"), e)
+            return
        LOG.info(_LI("packet-in dpid %(dpid)s in_port %(port)s pkt %(pkt)s"),
                 {'dpid': dpid_lib.dpid_to_str(datapath.id),
                 'port': port, 'pkt': pkt})
--- a/neutron/tests/unit/ofagent/test_arp_lib.py
+++ b/neutron/tests/unit/ofagent/test_arp_lib.py
@ -289,6 +289,11 @@ class TestArpLib(OFAAgentTestCase):
        self._fake_get_protocol_arp = False
        self._test_packet_in_handler_drop()

+    def test_packet_in_handler_corrupted(self):
+        mock.patch('ryu.lib.packet.packet.Packet',
+                   side_effect=ValueError).start()
+        self._test_packet_in_handler_drop()
+
    def test_packet_in_handler_unknown_network(self):
        self.arplib._arp_tbl = {
            self.nets[0].net: {self.nets[0].ip: self.nets[0].mac}}