-
Type: Bug
-
Status: Closed (View Workflow)
-
Priority: Critical
-
Resolution: Done
-
Affects Version/s: 1.0.0
-
Component/s: None
-
Labels:None
-
Epic Link:
This bug causes a security vulnerability and has been assigned CVE-2015-1166.
When ONOS receives a packet-in, it tries to deserialize the packet into an Ethernet object.
This can fail for a couple of reasons:
1. The packet was truncated when it was sent by the switch
2. The packet was not a valid Ethernet/IP/TCP/UDP packet in the first place.
Currently when the deserialization fails, exceptions are thrown which result in the switch being kicked off. We should gracefully handle the case where deserialization fails and account for the fact that not all packets can be deserialized.
2015-01-11 21:43:13,107 | ERROR | ew I/O worker #7 | OFChannelHandler | 126 - org.onosproject.onos-of-ctl - 1.1.0.SNAPSHOT | Error while processing message from switch OFSwitchImplOVS13 [/192.168.50.254:49295 DPID[00:00:00:00:00:00:00:a2]]state ACTIVE java.lang.IndexOutOfBoundsException at java.nio.ByteBuffer.wrap(ByteBuffer.java:375)[:1.8.0_25] at org.onlab.packet.Ethernet.deserialize(Ethernet.java:306) at org.onosproject.openflow.controller.DefaultOpenFlowPacketContext.parsed(DefaultOpenFlowPacketContext.java:88) at org.onosproject.provider.of.packet.impl.OpenFlowPacketProvider$InternalPacketProvider.handlePacket(OpenFlowPacketProvider.java:159) at org.onosproject.openflow.controller.impl.OpenFlowControllerImpl.processPacket(OpenFlowControllerImpl.java:194) at org.onosproject.openflow.controller.impl.OpenFlowControllerImpl$OpenFlowSwitchAgent.processMessage(OpenFlowControllerImpl.java:413) at org.onosproject.openflow.controller.driver.AbstractOpenFlowSwitch.handleMessage(AbstractOpenFlowSwitch.java:171) at org.onosproject.openflow.controller.impl.OFChannelHandler.dispatchMessage(OFChannelHandler.java:1158) at org.onosproject.openflow.controller.impl.OFChannelHandler.access$1600(OFChannelHandler.java:81) at org.onosproject.openflow.controller.impl.OFChannelHandler$ChannelState$8.processOFPacketIn(OFChannelHandler.java:617) at org.onosproject.openflow.controller.impl.OFChannelHandler$ChannelState.processOFMessage(OFChannelHandler.java:865) at org.onosproject.openflow.controller.impl.OFChannelHandler.messageReceived(OFChannelHandler.java:1139) at org.jboss.netty.handler.timeout.IdleStateAwareChannelHandler.handleUpstream(IdleStateAwareChannelHandler.java:36)[43:org.jboss.netty:3.9.2.Final] at org.jboss.netty.handler.timeout.ReadTimeoutHandler.messageReceived(ReadTimeoutHandler.java:184)[43:org.jboss.netty:3.9.2.Final] at org.jboss.netty.handler.timeout.IdleStateHandler.messageReceived(IdleStateHandler.java:294)[43:org.jboss.netty:3.9.2.Final] at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:296)[43:org.jboss.netty:3.9.2.Final] at org.jboss.netty.handler.codec.frame.FrameDecoder.unfoldAndFireMessageReceived(FrameDecoder.java:462)[43:org.jboss.netty:3.9.2.Final] at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:443)[43:org.jboss.netty:3.9.2.Final] at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:303)[43:org.jboss.netty:3.9.2.Final] at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)[43:org.jboss.netty:3.9.2.Final] at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)[43:org.jboss.netty:3.9.2.Final] at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)[43:org.jboss.netty:3.9.2.Final] at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108)[43:org.jboss.netty:3.9.2.Final] at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:318) at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89)[43:org.jboss.netty:3.9.2.Final] at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)[43:org.jboss.netty:3.9.2.Final] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)[:1.8.0_25] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)[:1.8.0_25] at java.lang.Thread.run(Thread.java:745)[:1.8.0_25]