summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJarno Rajahalme <jrajahalme@nicira.com>2014-11-12 01:36:30 +0300
committerPravin B Shelar <pshelar@nicira.com>2014-11-15 02:13:26 +0300
commitfecaef85f7188ad1822210e2c7a7625c9a32a8e4 (patch)
tree0a9c80f61ce3fc5c8eedaf51ed83899c96c30137
parent8ec609d8b561468691b60347ff594bd443ea58c0 (diff)
downloadlinux-fecaef85f7188ad1822210e2c7a7625c9a32a8e4.tar.xz
openvswitch: Validate IPv6 flow key and mask values.
Reject flow label key and mask values with invalid bits set. Introduced by commit 3fdbd1ce11e5 ("openvswitch: add ipv6 'set' action"). Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
-rw-r--r--net/openvswitch/flow_netlink.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/net/openvswitch/flow_netlink.c b/net/openvswitch/flow_netlink.c
index dda040e693a3..fa4ec2e4a78b 100644
--- a/net/openvswitch/flow_netlink.c
+++ b/net/openvswitch/flow_netlink.c
@@ -689,6 +689,13 @@ static int ovs_key_from_nlattrs(struct sw_flow_match *match, u64 attrs,
ipv6_key->ipv6_frag, OVS_FRAG_TYPE_MAX);
return -EINVAL;
}
+
+ if (ipv6_key->ipv6_label & htonl(0xFFF00000)) {
+ OVS_NLERR("IPv6 flow label %x is out of range (max=%x).\n",
+ ntohl(ipv6_key->ipv6_label), (1 << 20) - 1);
+ return -EINVAL;
+ }
+
SW_FLOW_KEY_PUT(match, ipv6.label,
ipv6_key->ipv6_label, is_mask);
SW_FLOW_KEY_PUT(match, ip.proto,