Thanks Justin, In networking-ovn (the OVN driver for OpenStack Neutron) we are seem an IPv6 related test failure right now [0] and I can confirm that after I've applied this patch locally and re-ran the test it works again.
[0] http://logs.openstack.org/59/570459/2/check/networking-ovn-tempest-dsvm-ovs-release/4b5bb1d/logs/testr_results.html.gz (the link will eventually expire) Acked-By: Lucas Alvares Gomes <lucasago...@gmail.com> On Sat, Jul 14, 2018 at 9:33 PM Justin Pettit <jpet...@ovn.org> wrote: > > This reverts commit 0760bd61a666e9fa866fcb5ed67f48f34895d2f6. > > This patch was a cherry-pick from a bug fix in the master branch that > fixed an overread for IPv6 packets. However, the backport introduced a > problem in older branches, since the code path is different. In the > master branch, this check is done on the raw packet data, which starts > at the beginning of the IPv6 packet. In older branches, this check is > done after a call to data_pull(), which subtracts the IPv6 header length > from the 'size' variable. This means that valid IPv6 packets aren't > being processed since the check thinks they are too long. > > CC: Ben Pfaff <b...@ovn.org> > Fixes: 0760bd61a66 ("flow: Fix buffer overread for crafted IPv6 packets.") > Signed-off-by: Justin Pettit <jpet...@ovn.org> > > --- > This patch should be backported to older branches starting with branch-2.9. > --- > lib/flow.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/lib/flow.c b/lib/flow.c > index c78f46d6c15a..f9d7c2a74007 100644 > --- a/lib/flow.c > +++ b/lib/flow.c > @@ -804,7 +804,7 @@ miniflow_extract(struct dp_packet *packet, struct > miniflow *dst) > nh = data_pull(&data, &size, sizeof *nh); > > plen = ntohs(nh->ip6_plen); > - if (OVS_UNLIKELY(plen + IPV6_HEADER_LEN > size)) { > + if (OVS_UNLIKELY(plen > size)) { > goto out; > } > /* Jumbo Payload option not supported yet. */ > -- > 2.17.1 > > _______________________________________________ > dev mailing list > d...@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-dev _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
