flow: Avoid assertion failure on invalid IPv6 packet.

We compute the length of the IPv6 header by parsing all of the
extension headers that we know about.  However, the final result
is checked using ofpbuf_pull(), which checks the size with an
assertion.  Since the length of the final header is not checked
in any other way an invalid packet can trigger this assertion.

diff --git a/lib/flow.c b/lib/flow.c
index 879e462..6928f74 100644 (file)
--- a/lib/flow.c
+++ b/lib/flow.c
@@ -414,7 +414,7 @@ flow_extract(struct ofpbuf *packet, ovs_be64 tun_id, uint16_t in_port,
             return 0;
         }
 
-        nh = ofpbuf_pull(&b, nh_len);
+        nh = ofpbuf_try_pull(&b, nh_len);
         if (nh) {
             packet->l4 = b.data;
             if (flow->nw_proto == IPPROTO_TCP) {