authorJarno Rajahalme <jrajahalme@nicira.com>2014-08-11 08:38:58 -0700
committerJarno Rajahalme <jrajahalme@nicira.com>2014-08-11 09:05:59 -0700
commit677825392ce8021547db5007e048a3e900bdc6db (patch)
treeee03947dde41a2199326008292807fdc3f7d9a6c /datapath/flow_netlink.c
parent51cf5e71bbb3db50670a88588fc5f5837c9c99da (diff)
datapath/flow_netlink: Validate IPv6 flow key and mask values.
Reject flow label key and mask values with invalid bits set. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
Diffstat (limited to 'datapath/flow_netlink.c')
-rw-r--r--datapath/flow_netlink.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/datapath/flow_netlink.c b/datapath/flow_netlink.c
index 17aee026c..e525c9dee 100644
--- a/datapath/flow_netlink.c
+++ b/datapath/flow_netlink.c
@@ -678,6 +678,11 @@ static int ovs_key_from_nlattrs(struct sw_flow_match *match, u64 attrs,
ipv6_key->ipv6_frag, OVS_FRAG_TYPE_MAX);
return -EINVAL;
}
+ if (ipv6_key->ipv6_label & htonl(0xFFF00000)) {
+ OVS_NLERR("Invalid IPv6 flow label value (value=%x, max=%x).\n",
+ ntohl(ipv6_key->ipv6_label), (1 << 20) - 1);
+ return -EINVAL;
+ }
SW_FLOW_KEY_PUT(match, ipv6.label,
ipv6_key->ipv6_label, is_mask);
SW_FLOW_KEY_PUT(match, ip.proto,
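Review bot: The new label check runs on both the key and the mask pass, since `is_mask` only reaches the `SW_FLOW_KEY_PUT` calls below it, yet the log text always says "flow label value", so a rejected mask is reported as a bad key. If userspace expresses an exact match as an all-ones mask (not visible in this hunk, so worth confirming), such a mask would now fail with -EINVAL; in that case either limit the range check to the key, `if (!is_mask && (ipv6_key->ipv6_label & htonl(0xFFF00000))) {`, or say in the message which of the two was rejected. The limit is also spelled twice, as `0xFFF00000` in the test and `(1 << 20) - 1` in the message; one named constant for the 20-bit label mask would keep the check and the diagnostic in step. ovs_key_from_nlattrs starts and ends outside the hunk, so how the caller handles masks is not verified here.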