openvswitch: Add length check when retrieving TCP flags.
authorJesse Gross <jesse@nicira.com>
Mon, 2 Apr 2012 21:26:27 +0000 (14:26 -0700)
committerVarun Wadekar <vwadekar@nvidia.com>
Fri, 18 May 2012 10:38:27 +0000 (15:38 +0530)
commitf2290faf29a2711c65ff2545e2ef5bc6097868bf
treeec6e2cf234eef5e64cf4ae7b000ccf81ce787920
parentf287439e3083ce9592386aed1f735baaf0755d6b
openvswitch: Add length check when retrieving TCP flags.

When collecting TCP flags we check that the IP header indicates that
a TCP header is present but not that the packet is actually long
enough to contain the header.  This adds a check to prevent reading
off the end of the packet.

In practice, this is only likely to result in reading of bad data and
not a crash due to the presence of struct skb_shared_info at the end
of the packet.

Signed-off-by: Jesse Gross <jesse@nicira.com>
net/openvswitch/flow.c