Check ICMP codes in range [0,255]

ICMP allows codes between 0 and 255, this change adds a check for codes range min value. DocImpact APIImpact Closes-Bug: #1486300 Change-Id: Ic7a49458448fad16447b914bb15742515661a851
2015-08-30 10:43:50 +08:00 · 2015-08-30 10:43:50 +08:00 · 91c476dcc5
parent 658897897d
commit 91c476dcc5
2 changed files with 2 additions and 1 deletions
--- a/neutron/db/securitygroups_db.py
+++ b/neutron/db/securitygroups_db.py
@ -438,7 +438,7 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
        elif ip_proto == constants.PROTO_NUM_ICMP:
            for attr, field in [('port_range_min', 'type'),
                                ('port_range_max', 'code')]:
-                if rule[attr] is not None and rule[attr] > 255:
+                if rule[attr] is not None and not (0 <= rule[attr] <= 255):
                    raise ext_sg.SecurityGroupInvalidIcmpValue(
                        field=field, attr=attr, value=rule[attr])
            if (rule['port_range_min'] is None and
--- a/neutron/tests/api/test_security_groups_negative.py
+++ b/neutron/tests/api/test_security_groups_negative.py
@ -148,6 +148,7 @@ class NegativeSecGroupTest(base.BaseSecGroupTest):

        # Create rule for icmp protocol with invalid ports
        states = [(1, 256, 'Invalid value for ICMP code'),
+                  (-1, 25, 'Invalid value'),
                  (None, 6, 'ICMP type (port-range-min) is missing'),
                  (300, 1, 'Invalid value for ICMP type')]
        for pmin, pmax, msg in states: