Uploaded image for project: 'ONOS'
  1. ONOS
  2. ONOS-605

Exceptions thrown while deserializing truncated or malformed packets

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Critical
    • Resolution: Done
    • Affects Version/s: 1.0.0
    • Fix Version/s: 1.0.1, 1.1.0
    • Component/s: None
    • Labels:
      None

      Description

      This bug causes a security vulnerability and has been assigned CVE-2015-1166.

      When ONOS receives a packet-in, it tries to deserialize the packet into an Ethernet object.
      This can fail for a couple of reasons:
      1. The packet was truncated when it was sent by the switch
      2. The packet was not a valid Ethernet/IP/TCP/UDP packet in the first place.

      Currently when the deserialization fails, exceptions are thrown which result in the switch being kicked off. We should gracefully handle the case where deserialization fails and account for the fact that not all packets can be deserialized.

      2015-01-11 21:43:13,107 | ERROR | ew I/O worker #7 | OFChannelHandler                 | 126 - org.onosproject.onos-of-ctl - 1.1.0.SNAPSHOT | Error while processing message from switch OFSwitchImplOVS13 [/192.168.50.254:49295 DPID[00:00:00:00:00:00:00:a2]]state ACTIVE
      java.lang.IndexOutOfBoundsException
              at java.nio.ByteBuffer.wrap(ByteBuffer.java:375)[:1.8.0_25]
              at org.onlab.packet.Ethernet.deserialize(Ethernet.java:306)
              at org.onosproject.openflow.controller.DefaultOpenFlowPacketContext.parsed(DefaultOpenFlowPacketContext.java:88)
              at org.onosproject.provider.of.packet.impl.OpenFlowPacketProvider$InternalPacketProvider.handlePacket(OpenFlowPacketProvider.java:159)
              at org.onosproject.openflow.controller.impl.OpenFlowControllerImpl.processPacket(OpenFlowControllerImpl.java:194)
              at org.onosproject.openflow.controller.impl.OpenFlowControllerImpl$OpenFlowSwitchAgent.processMessage(OpenFlowControllerImpl.java:413)
              at org.onosproject.openflow.controller.driver.AbstractOpenFlowSwitch.handleMessage(AbstractOpenFlowSwitch.java:171)
              at org.onosproject.openflow.controller.impl.OFChannelHandler.dispatchMessage(OFChannelHandler.java:1158)
              at org.onosproject.openflow.controller.impl.OFChannelHandler.access$1600(OFChannelHandler.java:81)
              at org.onosproject.openflow.controller.impl.OFChannelHandler$ChannelState$8.processOFPacketIn(OFChannelHandler.java:617)
              at org.onosproject.openflow.controller.impl.OFChannelHandler$ChannelState.processOFMessage(OFChannelHandler.java:865)
              at org.onosproject.openflow.controller.impl.OFChannelHandler.messageReceived(OFChannelHandler.java:1139)
              at org.jboss.netty.handler.timeout.IdleStateAwareChannelHandler.handleUpstream(IdleStateAwareChannelHandler.java:36)[43:org.jboss.netty:3.9.2.Final]
              at org.jboss.netty.handler.timeout.ReadTimeoutHandler.messageReceived(ReadTimeoutHandler.java:184)[43:org.jboss.netty:3.9.2.Final]
              at org.jboss.netty.handler.timeout.IdleStateHandler.messageReceived(IdleStateHandler.java:294)[43:org.jboss.netty:3.9.2.Final]
              at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:296)[43:org.jboss.netty:3.9.2.Final]
              at org.jboss.netty.handler.codec.frame.FrameDecoder.unfoldAndFireMessageReceived(FrameDecoder.java:462)[43:org.jboss.netty:3.9.2.Final]
              at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:443)[43:org.jboss.netty:3.9.2.Final]
              at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:303)[43:org.jboss.netty:3.9.2.Final]
              at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)[43:org.jboss.netty:3.9.2.Final]
              at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)[43:org.jboss.netty:3.9.2.Final]
              at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)[43:org.jboss.netty:3.9.2.Final]
              at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108)[43:org.jboss.netty:3.9.2.Final]
              at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:318)
              at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89)[43:org.jboss.netty:3.9.2.Final]
              at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)[43:org.jboss.netty:3.9.2.Final]
              at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)[:1.8.0_25]
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)[:1.8.0_25]
              at java.lang.Thread.run(Thread.java:745)[:1.8.0_25]
      

        Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

            Assignee:
            jono Jonathan Hart
            Reporter:
            jono Jonathan Hart
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: