Check ICMP codes in range [0,255]
ICMP allows codes between 0 and 255, this change adds a check for codes range min value. DocImpact APIImpact Closes-Bug: #1486300 Change-Id: Ic7a49458448fad16447b914bb15742515661a851
This commit is contained in:
parent
658897897d
commit
91c476dcc5
|
@ -438,7 +438,7 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
|
|||
elif ip_proto == constants.PROTO_NUM_ICMP:
|
||||
for attr, field in [('port_range_min', 'type'),
|
||||
('port_range_max', 'code')]:
|
||||
if rule[attr] is not None and rule[attr] > 255:
|
||||
if rule[attr] is not None and not (0 <= rule[attr] <= 255):
|
||||
raise ext_sg.SecurityGroupInvalidIcmpValue(
|
||||
field=field, attr=attr, value=rule[attr])
|
||||
if (rule['port_range_min'] is None and
|
||||
|
|
|
@ -148,6 +148,7 @@ class NegativeSecGroupTest(base.BaseSecGroupTest):
|
|||
|
||||
# Create rule for icmp protocol with invalid ports
|
||||
states = [(1, 256, 'Invalid value for ICMP code'),
|
||||
(-1, 25, 'Invalid value'),
|
||||
(None, 6, 'ICMP type (port-range-min) is missing'),
|
||||
(300, 1, 'Invalid value for ICMP type')]
|
||||
for pmin, pmax, msg in states:
|
||||
|
|
Loading…
Reference in New Issue