openvswitch: Validate IPv6 flow key and mask values.

Reject flow label key and mask values with invalid bits set. Introduced by commit 3fdbd1ce ("openvswitch: add ipv6 'set' action"). Signed-off-by: N Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: N Jesse Gross <jesse@nicira.com> Signed-off-by: N Pravin B Shelar <pshelar@nicira.com>

openvswitch: Validate IPv6 flow key and mask values.
Reject flow label key and mask values with invalid bits set. Introduced by commit 3fdbd1ce ("openvswitch: add ipv6 'set' action"). Signed-off-by: N Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: N Jesse Gross <jesse@nicira.com> Signed-off-by: N Pravin B Shelar <pshelar@nicira.com>
fecaef85 · Jarno Rajahalme · Pravin B Shelar · 8ec609d8 · fecaef85
隐藏空白更改
内联并排

Showing with 7 addition and 0 deletion

net/openvswitch/flow_netlink.c net/openvswitch/flow_netlink.c +7 -0

未找到文件。
--- a/net/openvswitch/flow_netlink.c
+++ b/net/openvswitch/flow_netlink.c
@@ -689,6 +689,13 @@ static int ovs_key_from_nlattrs(struct sw_flow_match *match, u64 attrs,
 				ipv6_key->ipv6_frag, OVS_FRAG_TYPE_MAX);
 			return -EINVAL;
 		}
+		if (ipv6_key->ipv6_label & htonl(0xFFF00000)) {
+			OVS_NLERR("IPv6 flow label %x is out of range (max=%x).\n",
+				  ntohl(ipv6_key->ipv6_label), (1 << 20) - 1);
+			return -EINVAL;
+		}
 		SW_FLOW_KEY_PUT(match, ipv6.label,
 				ipv6_key->ipv6_label, is_mask);
 		SW_FLOW_KEY_PUT(match, ip.proto,