Commit cc570605 authored Sep 14, 2015 by Joe Stringer Committed by David S. Miller Sep 17, 2015

openvswitch: Fix IPv6 exthdr handling with ct helpers.



Static code analysis reveals the following bug:

        net/openvswitch/conntrack.c:281 ovs_ct_helper()
        warn: unsigned 'protoff' is never less than zero.

This signedness bug breaks error handling for IPv6 extension headers when
using conntrack helpers. Fix the error by using a local signed variable.

Fixes:  cae3a262: "openvswitch: Allow attaching helpers to ct
action"
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent 37a1d361

net/openvswitch/conntrack.c

+5 −3

Original line number	Diff line number	Diff line
		@@ -275,13 +275,15 @@ static int ovs_ct_helper(struct sk_buff *skb, u16 proto)
		case NFPROTO_IPV6: {
		u8 nexthdr = ipv6_hdr(skb)->nexthdr;
		__be16 frag_off;
		int ofs;

		protoff = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr),
		&nexthdr, &frag_off);
		if (protoff < 0 \|\| (frag_off & htons(~0x7)) != 0) {
		ofs = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &nexthdr,
		&frag_off);
		if (ofs < 0 \|\| (frag_off & htons(~0x7)) != 0) {
		pr_debug("proto header not found\n");
		return NF_ACCEPT;
		}
		protoff = ofs;
		break;
		}
		default: