From ab786890f2f93c5f5059eb4b8c3a724948825ee7 Mon Sep 17 00:00:00 2001 From: YAMAMOTO Takashi Date: Thu, 4 Sep 2014 13:06:21 +0900 Subject: [PATCH] ofagent: Fix a possible crash in arp responder Be careful for exceptions when feeding packet-in data, which is generated by tenant VMs and thus can not be trusted, to Ryu packet library. Closes-Bug: #1365255 Change-Id: Ia8bacfb55def563a1b23a47709ae72bd4fce0fce --- neutron/plugins/ofagent/agent/arp_lib.py | 8 +++++++- neutron/tests/unit/ofagent/test_arp_lib.py | 5 +++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/neutron/plugins/ofagent/agent/arp_lib.py b/neutron/plugins/ofagent/agent/arp_lib.py index c83e943528..e97394dc2a 100644 --- a/neutron/plugins/ofagent/agent/arp_lib.py +++ b/neutron/plugins/ofagent/agent/arp_lib.py @@ -143,7 +143,13 @@ class ArpLib(object): ofp = datapath.ofproto port = msg.match['in_port'] metadata = msg.match.get('metadata') - pkt = packet.Packet(msg.data) + # NOTE(yamamoto): Ryu packet library can raise various exceptions + # on a corrupted packet. + try: + pkt = packet.Packet(msg.data) + except Exception as e: + LOG.info(_LI("Unparsable packet: got exception %s"), e) + return LOG.info(_LI("packet-in dpid %(dpid)s in_port %(port)s pkt %(pkt)s"), {'dpid': dpid_lib.dpid_to_str(datapath.id), 'port': port, 'pkt': pkt}) diff --git a/neutron/tests/unit/ofagent/test_arp_lib.py b/neutron/tests/unit/ofagent/test_arp_lib.py index a0b0dcdafc..27dc8b28b9 100644 --- a/neutron/tests/unit/ofagent/test_arp_lib.py +++ b/neutron/tests/unit/ofagent/test_arp_lib.py @@ -289,6 +289,11 @@ class TestArpLib(OFAAgentTestCase): self._fake_get_protocol_arp = False self._test_packet_in_handler_drop() + def test_packet_in_handler_corrupted(self): + mock.patch('ryu.lib.packet.packet.Packet', + side_effect=ValueError).start() + self._test_packet_in_handler_drop() + def test_packet_in_handler_unknown_network(self): self.arplib._arp_tbl = { self.nets[0].net: {self.nets[0].ip: self.nets[0].mac}}
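Review bot: The log call in the new `except Exception` branch of the arp_lib.py hunk omits the datapath and `in_port`, both already in scope, so an operator who sees "Unparsable packet" cannot tell which tenant port is sending malformed frames. Because packet-in data is tenant-controlled, the rate of this INFO message is also sender-driven; if volume matters, log at debug level or rate-limit it. A message that carries the source would be `LOG.info(_LI("Unparsable packet on dpid %(dpid)s in_port %(port)s: %(e)s"), {'dpid': dpid_lib.dpid_to_str(datapath.id), 'port': port, 'e': e})`. The handler's body starts and ends outside the hunk, so whether later accessors on `pkt` can also raise on unusual input is not visible here.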
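Review bot: `mock.patch(...).start()` in `test_packet_in_handler_corrupted` is never stopped within the hunk, so unless the base test case registers `mock.patch.stopall` as a cleanup (not visible here) the patched `Packet` class leaks into later tests. Scoping it is safer: wrap the `self._test_packet_in_handler_drop()` call in `with mock.patch('ryu.lib.packet.packet.Packet', side_effect=ValueError):`. The test also simulates only a `ValueError` raised by a mock. One extra case that passes truncated bytes as `msg.data` to the real parser would pin the behaviour the fix is actually about.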