summaryrefslogtreecommitdiff
path: root/datapath-windows/ovsext/Flow.c
diff options
context:
space:
mode:
authorShashank Ram <rams@vmware.com>2017-06-15 15:15:47 -0700
committerGurucharan Shetty <guru@ovn.org>2017-06-22 12:32:41 -0700
commit9d71ade0cf5bb6a43f387f5a4765a79f82b0f09d (patch)
tree037962946983acb70abd5472de3b618988269392 /datapath-windows/ovsext/Flow.c
parent6c6204b67886ff9b051417376ab69d64191c35f4 (diff)
downloadopenvswitch-9d71ade0cf5bb6a43f387f5a4765a79f82b0f09d.tar.gz
datapath-windows: Add validations for IP_HEADER_LEN
Adds validations in OvsGetIp() to make sure the IHL is within valid bounds. If IHL is invalid, then the packet is dropped by the callers of this function. Signed-off-by: Shashank Ram <rams@vmware.com> Acked-by: Sairam Venugopal <vsairam@vmware.com> Acked-by: Nithin Raju <nithin@vmware.com> Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Diffstat (limited to 'datapath-windows/ovsext/Flow.c')
-rw-r--r--datapath-windows/ovsext/Flow.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/datapath-windows/ovsext/Flow.c b/datapath-windows/ovsext/Flow.c
index 60f9b1c60..852a22fe6 100644
--- a/datapath-windows/ovsext/Flow.c
+++ b/datapath-windows/ovsext/Flow.c
@@ -2141,6 +2141,9 @@ OvsExtractLayers(const NET_BUFFER_LIST *packet,
}
}
}
+ } else {
+ /* Invalid network header */
+ return NDIS_STATUS_INVALID_PACKET;
}
} else if (dlType == htons(ETH_TYPE_IPV6)) {
NDIS_STATUS status;
@@ -2360,8 +2363,10 @@ OvsExtractFlow(const NET_BUFFER_LIST *packet,
}
}
} else {
+ /* Invalid network header */
((UINT64 *)ipKey)[0] = 0;
((UINT64 *)ipKey)[1] = 0;
+ return NDIS_STATUS_INVALID_PACKET;
}
} else if (flow->l2.dlType == htons(ETH_TYPE_IPV6)) {
NDIS_STATUS status;
View Lorry Controller Status