Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

openvswitch: Fix IPv6 exthdr handling with ct helpers.

Static code analysis reveals the following bug:

net/openvswitch/conntrack.c:281 ovs_ct_helper()
warn: unsigned 'protoff' is never less than zero.

This signedness bug breaks error handling for IPv6 extension headers when
using conntrack helpers. Fix the error by using a local signed variable.

Fixes: cae3a2627520: "openvswitch: Allow attaching helpers to ct
action"
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Authored by Joe Stringer and committed by David S. Miller
cc570605 37a1d361

+5 -3
net/openvswitch/conntrack.c
··· 275 275 case NFPROTO_IPV6: { 276 276 u8 nexthdr = ipv6_hdr(skb)->nexthdr; 277 277 __be16 frag_off; 278 + int ofs; 278 279 279 - protoff = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), 280 - &nexthdr, &frag_off); 281 - if (protoff < 0 || (frag_off & htons(~0x7)) != 0) { 280 + ofs = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &nexthdr, 281 + &frag_off); 282 + if (ofs < 0 || (frag_off & htons(~0x7)) != 0) { 282 283 pr_debug("proto header not found\n"); 283 284 return NF_ACCEPT; 284 285 } 286 + protoff = ofs; 285 287 break; 286 288 } 287 289 default:
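
Review bot: the new `int ofs;` in the NFPROTO_IPV6 case has no comment saying why a separate signed local is needed, so a later cleanup could fold it back into the unsigned `protoff` and reintroduce the dead `< 0` check. Suggest a one-line comment at the declaration noting that ipv6_skip_exthdr() returns a negative value on failure and that `protoff` is unsigned. Separately, the error path at `if (ofs < 0 || (frag_off & htons(~0x7)) != 0)` returns NF_ACCEPT with only a pr_debug, so a packet whose extension-header chain cannot be parsed, or that has a non-zero fragment offset, is accepted without the helper ever seeing it. Now that this branch is reachable for the `ofs < 0` case, it is worth stating in a comment or in the commit message that accepting here is the intended behaviour.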