openvswitch: Validate IPv6 flow key and mask values.
Reject flow label key and mask values with invalid bits set.
Introduced by commit 3fdbd1ce11
("openvswitch: add ipv6 'set'
action").
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
This commit is contained in:
parent
8ec609d8b5
commit
fecaef85f7
@ -689,6 +689,13 @@ static int ovs_key_from_nlattrs(struct sw_flow_match *match, u64 attrs,
|
||||
ipv6_key->ipv6_frag, OVS_FRAG_TYPE_MAX);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (ipv6_key->ipv6_label & htonl(0xFFF00000)) {
|
||||
OVS_NLERR("IPv6 flow label %x is out of range (max=%x).\n",
|
||||
ntohl(ipv6_key->ipv6_label), (1 << 20) - 1);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
SW_FLOW_KEY_PUT(match, ipv6.label,
|
||||
ipv6_key->ipv6_label, is_mask);
|
||||
SW_FLOW_KEY_PUT(match, ip.proto,
|
||||
|
Loading…
Reference in New Issue
Block a user