[ovs-dev] [PATCH v3 5/6] datapath/flow_netlink: Validate IPv6 flow key and mask values.

Fri, 08 Aug 2014 13:27:12 -0700 

Reject flow label key and mask values with invalid bits set.

Signed-off-by: Jarno Rajahalme <jrajaha...@nicira.com>
---
 datapath/flow_netlink.c |    5 +++++
 1 file changed, 5 insertions(+)

diff --git a/datapath/flow_netlink.c b/datapath/flow_netlink.c
index e4cf535..294e54c 100644
--- a/datapath/flow_netlink.c
+++ b/datapath/flow_netlink.c
@@ -688,6 +688,11 @@ static int ovs_key_from_nlattrs(struct sw_flow_match 
*match, u64 attrs,
                                ipv6_key->ipv6_frag, OVS_FRAG_TYPE_MAX);
                        return -EINVAL;
                }
+               if (ntohl(ipv6_key->ipv6_label) & 0xFFF00000) {
+                       OVS_NLERR("Invalid IPv6 flow label value (value=%x, 
max=%x).\n",
+                                 ntohl(ipv6_key->ipv6_label), (1 << 20) - 1);
+                       return -EINVAL;
+               }
                SW_FLOW_KEY_PUT(match, ipv6.label,
                                ipv6_key->ipv6_label, is_mask);
                SW_FLOW_KEY_PUT(match, ip.proto,
-- 
1.7.10.4

_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev

Reply via email to