aboutsummaryrefslogtreecommitdiffstats
path: root/net/openvswitch
diff options
context:
space:
mode:
authorJarno Rajahalme <jrajahalme@nicira.com>2014-11-11 17:36:30 -0500
committerPravin B Shelar <pshelar@nicira.com>2014-11-14 18:13:26 -0500
commitfecaef85f7188ad1822210e2c7a7625c9a32a8e4 (patch)
tree0a9c80f61ce3fc5c8eedaf51ed83899c96c30137 /net/openvswitch
parent8ec609d8b561468691b60347ff594bd443ea58c0 (diff)
openvswitch: Validate IPv6 flow key and mask values.
Reject flow label key and mask values with invalid bits set. Introduced by commit 3fdbd1ce11e5 ("openvswitch: add ipv6 'set' action"). Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Diffstat (limited to 'net/openvswitch')
-rw-r--r--net/openvswitch/flow_netlink.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/net/openvswitch/flow_netlink.c b/net/openvswitch/flow_netlink.c
index dda040e693a3..fa4ec2e4a78b 100644
--- a/net/openvswitch/flow_netlink.c
+++ b/net/openvswitch/flow_netlink.c
@@ -689,6 +689,13 @@ static int ovs_key_from_nlattrs(struct sw_flow_match *match, u64 attrs,
689 ipv6_key->ipv6_frag, OVS_FRAG_TYPE_MAX); 689 ipv6_key->ipv6_frag, OVS_FRAG_TYPE_MAX);
690 return -EINVAL; 690 return -EINVAL;
691 } 691 }
692
693 if (ipv6_key->ipv6_label & htonl(0xFFF00000)) {
694 OVS_NLERR("IPv6 flow label %x is out of range (max=%x).\n",
695 ntohl(ipv6_key->ipv6_label), (1 << 20) - 1);
696 return -EINVAL;
697 }
698
692 SW_FLOW_KEY_PUT(match, ipv6.label, 699 SW_FLOW_KEY_PUT(match, ipv6.label,
693 ipv6_key->ipv6_label, is_mask); 700 ipv6_key->ipv6_label, is_mask);
694 SW_FLOW_KEY_PUT(match, ip.proto, 701 SW_FLOW_KEY_PUT(match, ip.proto,