Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit fecaef85 authored by Jarno Rajahalme's avatar Jarno Rajahalme Committed by Pravin B Shelar
Browse files

openvswitch: Validate IPv6 flow key and mask values. 



Reject flow label key and mask values with invalid bits set.
Introduced by commit 3fdbd1ce ("openvswitch: add ipv6 'set'
action").

Signed-off-by: default avatarJarno Rajahalme <jrajahalme@nicira.com>
Acked-by: default avatarJesse Gross <jesse@nicira.com>
Signed-off-by: default avatarPravin B Shelar <pshelar@nicira.com>
parent 8ec609d8

net/openvswitch/flow_netlink.c

+7 −0
Original line number Diff line number Diff line
@@ -689,6 +689,13 @@ static int ovs_key_from_nlattrs(struct sw_flow_match *match, u64 attrs, 
				ipv6_key->ipv6_frag, OVS_FRAG_TYPE_MAX);

			return -EINVAL;

		}



		if (ipv6_key->ipv6_label & htonl(0xFFF00000)) {

			OVS_NLERR("IPv6 flow label %x is out of range (max=%x).\n",

				  ntohl(ipv6_key->ipv6_label), (1 << 20) - 1);

			return -EINVAL;

		}



		SW_FLOW_KEY_PUT(match, ipv6.label,

				ipv6_key->ipv6_label, is_mask);

		SW_FLOW_KEY_PUT(match, ip.proto,