On 5/16/2017 1:18 PM, Stephen Smalley wrote:
> On Mon, 2017-05-15 at 23:42 +0300, Dan Jurgens wrote:
>> From: Daniel Jurgens <danielj@xxxxxxxxxxxx>
>>
>> + if (subnet_prefix.s6_addr[2] || subnet_prefix.s6_addr[3]) {
>> + yyerror("subnet prefix should be 0's in the low
>> order 64 bits.");
>> + rc = -1;
>> + goto out;
>> + }
>> +
>> + memcpy(&newc->u.ibpkey.subnet_prefix[0],
>> &subnet_prefix.s6_addr[0],
>> + sizeof(newc->u.ibpkey.subnet_prefix));
>> +
>> + newc->u.ibpkey.low_pkey = low;
>> + newc->u.ibpkey.high_pkey = high;
> Kernel patch also rejects low or high > 0xffff, so we likely ought to
> do the same here?

Done
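Review bot: the test `subnet_prefix.s6_addr[2] || subnet_prefix.s6_addr[3]` at the top of the quoted hunk does not check what its error message says. If `subnet_prefix` is a `struct in6_addr`, `s6_addr` is the 16-byte array, so indices 2 and 3 are the third and fourth bytes of the high half, while the low order 64 bits are bytes 8 through 15. As written, a prefix with non-zero bytes in the low half would pass, and the following `memcpy` from `&subnet_prefix.s6_addr[0]` would silently drop them. A prefix with a non-zero byte 2 or 3 would also be rejected with a misleading message. Suggest testing bytes 8 to 15 explicitly, for example by comparing `&subnet_prefix.s6_addr[8]` against eight zero bytes, or using 32-bit words 2 and 3 if that was the intent. The `low_pkey` and `high_pkey` assignments in the quoted lines also have no visible bound check, which is the point already raised in the reply above.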