author | Jarno Rajahalme <jrajahalme@nicira.com> | 2014-11-11 14:36:30 -0800 |
---|---|---|
committer | Pravin B Shelar <pshelar@nicira.com> | 2014-11-14 15:13:26 -0800 |
commit | fecaef85f7188ad1822210e2c7a7625c9a32a8e4 (patch) | |
tree | 0a9c80f61ce3fc5c8eedaf51ed83899c96c30137 /net/openvswitch | |
parent | 8ec609d8b561468691b60347ff594bd443ea58c0 (diff) |
openvswitch: Validate IPv6 flow key and mask values.
Reject flow label key and mask values with invalid bits set.
Introduced by commit 3fdbd1ce11e5 ("openvswitch: add ipv6 'set'
action").
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Diffstat (limited to 'net/openvswitch')
-rw-r--r-- | net/openvswitch/flow_netlink.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/net/openvswitch/flow_netlink.c b/net/openvswitch/flow_netlink.c
index dda040e693a3..fa4ec2e4a78b 100644
--- a/net/openvswitch/flow_netlink.c
+++ b/net/openvswitch/flow_netlink.c
@@ -689,6 +689,13 @@ static int ovs_key_from_nlattrs(struct sw_flow_match *match, u64 attrs,
 ipv6_key->ipv6_frag, OVS_FRAG_TYPE_MAX);
 return -EINVAL;
 }
+
+ if (ipv6_key->ipv6_label & htonl(0xFFF00000)) {
+ OVS_NLERR("IPv6 flow label %x is out of range (max=%x).\n",
+ ntohl(ipv6_key->ipv6_label), (1 << 20) - 1);
+ return -EINVAL;
+ }
+
 SW_FLOW_KEY_PUT(match, ipv6.label,
 ipv6_key->ipv6_label, is_mask);
 SW_FLOW_KEY_PUT(match, ip.proto, |
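Review bot: The added label test never consults `is_mask`, although the `SW_FLOW_KEY_PUT` calls right below it receive that flag, so an all-ones exact-match mask (0xffffffff) is now rejected with -EINVAL just like an out-of-range key. The commit message says masks are meant to be validated, but if any producer of masks (userspace or a kernel-side default, neither visible in this hunk) sets every bit, flow installation would start failing. Confirm that no such producer exists, or limit the rejection to keys with `if (!is_mask && (ipv6_key->ipv6_label & htonl(0xFFF00000))) {` and clear the upper 12 bits of a mask instead of refusing it. The log text also says "flow label ... out of range" when the offending value is a mask, which misleads anyone triaging rejected netlink requests. The limit is also spelled twice (`0xFFF00000` and `(1 << 20) - 1`); deriving both from one named constant such as the kernel's `IPV6_FLOWLABEL_MASK` would keep them in step. `ovs_key_from_nlattrs` starts and ends outside the hunk.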