diff options
| author | Shashank Ram <rams@vmware.com> | 2017-06-15 15:15:47 -0700 |
|---|---|---|
| committer | Gurucharan Shetty <guru@ovn.org> | 2017-06-22 12:32:41 -0700 |
| commit | 9d71ade0cf5bb6a43f387f5a4765a79f82b0f09d (patch) | |
| tree | 037962946983acb70abd5472de3b618988269392 /datapath-windows/ovsext/User.c | |
| parent | 6c6204b67886ff9b051417376ab69d64191c35f4 (diff) | |
| download | openvswitch-9d71ade0cf5bb6a43f387f5a4765a79f82b0f09d.tar.gz | |
datapath-windows: Add validations for IP_HEADER_LEN
Adds validations in OvsGetIp() to make sure the IHL is
within valid bounds. If IHL is invalid, then the packet
is dropped by the callers of this function.
Signed-off-by: Shashank Ram <rams@vmware.com>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Diffstat (limited to 'datapath-windows/ovsext/User.c')
| -rw-r--r-- | datapath-windows/ovsext/User.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/datapath-windows/ovsext/User.c b/datapath-windows/ovsext/User.c index 78802200f..22ee7afe2 100644 --- a/datapath-windows/ovsext/User.c +++ b/datapath-windows/ovsext/User.c @@ -465,6 +465,11 @@ OvsExecuteDpIoctl(OvsPacketExecute *execute) ndisStatus = OvsExtractFlow(pNbl, execute->inPort, &key, &layers, tempTunKey.tunKey.dst == 0 ? NULL : &tempTunKey.tunKey); + if (ndisStatus != NDIS_STATUS_SUCCESS) { + /* Invalid network header */ + goto dropit; + } + ctx = (POVS_BUFFER_CONTEXT)NET_BUFFER_LIST_CONTEXT_DATA_START(pNbl); ctx->mru = execute->mru; |