Commit fecaef85 authored by Jarno Rajahalme's avatar Jarno Rajahalme Committed by Pravin B Shelar

openvswitch: Validate IPv6 flow key and mask values.

Reject flow label key and mask values with invalid bits set.
Introduced by commit 3fdbd1ce ("openvswitch: add ipv6 'set'
action").
Signed-off-by: default avatarJarno Rajahalme <jrajahalme@nicira.com>
Acked-by: default avatarJesse Gross <jesse@nicira.com>
Signed-off-by: default avatarPravin B Shelar <pshelar@nicira.com>
parent 8ec609d8
...@@ -689,6 +689,13 @@ static int ovs_key_from_nlattrs(struct sw_flow_match *match, u64 attrs, ...@@ -689,6 +689,13 @@ static int ovs_key_from_nlattrs(struct sw_flow_match *match, u64 attrs,
ipv6_key->ipv6_frag, OVS_FRAG_TYPE_MAX); ipv6_key->ipv6_frag, OVS_FRAG_TYPE_MAX);
return -EINVAL; return -EINVAL;
} }
if (ipv6_key->ipv6_label & htonl(0xFFF00000)) {
OVS_NLERR("IPv6 flow label %x is out of range (max=%x).\n",
ntohl(ipv6_key->ipv6_label), (1 << 20) - 1);
return -EINVAL;
}
SW_FLOW_KEY_PUT(match, ipv6.label, SW_FLOW_KEY_PUT(match, ipv6.label,
ipv6_key->ipv6_label, is_mask); ipv6_key->ipv6_label, is_mask);
SW_FLOW_KEY_PUT(match, ip.proto, SW_FLOW_KEY_PUT(match, ip.proto,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment