Reject flow label key and mask values with invalid bits set.
Signed-off-by: Jarno Rajahalme <[email protected]>
---
datapath/flow_netlink.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/datapath/flow_netlink.c b/datapath/flow_netlink.c
index e4cf535..294e54c 100644
--- a/datapath/flow_netlink.c
+++ b/datapath/flow_netlink.c
@@ -688,6 +688,11 @@ static int ovs_key_from_nlattrs(struct sw_flow_match
*match, u64 attrs,
ipv6_key->ipv6_frag, OVS_FRAG_TYPE_MAX);
return -EINVAL;
}
+ if (ntohl(ipv6_key->ipv6_label) & 0xFFF00000) {
+ OVS_NLERR("Invalid IPv6 flow label value (value=%x,
max=%x).\n",
+ ntohl(ipv6_key->ipv6_label), (1 << 20) - 1);
+ return -EINVAL;
+ }
SW_FLOW_KEY_PUT(match, ipv6.label,
ipv6_key->ipv6_label, is_mask);
SW_FLOW_KEY_PUT(match, ip.proto,
--
1.7.10.4
_______________________________________________
dev mailing list
[email protected]
http://openvswitch.org/mailman/listinfo/dev
