Merge: net: openvswitch: fix overwriting ct original tuple for ICMPv6 [rhel-9.5.z]

MR: https://gitlab.com/redhat/rhel/src/kernel/rhel-9/-/merge_requests/2350

JIRA: https://issues.redhat.com/browse/RHEL-44213  
CVE: CVE-2024-38558  
  
- net: openvswitch: fix overwriting ct original tuple for ICMPv6 (cki-backport-bot) [[RHEL-44213](https://issues.redhat.com/browse/RHEL-44213)]   {[CVE-2024-38558](https://bugzilla.redhat.com/CVE-2024-38558)}  
  
Signed-off-by: Herton R. Krzesinski <[email protected]>

Approved-by: Eelco Chaudron <[email protected]>
Approved-by: Antoine Tenart <[email protected]>
Approved-by: CKI KWF Bot <[email protected]>

Merged-by: Lucas Zampieri <[email protected]>

Author: zampierilucas

net/openvswitch/flow.c

@@ -421,7 +421,6 @@ static int parse_icmpv6(struct sk_buff *skb, struct sw_flow_key *key,
 	 */
 	key->tp.src = htons(icmp->icmp6_type);
 	key->tp.dst = htons(icmp->icmp6_code);
-	memset(&key->ipv6.nd, 0, sizeof(key->ipv6.nd));
 
 	if (icmp->icmp6_code == 0 &&
 	    (icmp->icmp6_type == NDISC_NEIGHBOUR_SOLICITATION ||
@@ -430,6 +429,8 @@ static int parse_icmpv6(struct sk_buff *skb, struct sw_flow_key *key,
 		struct nd_msg *nd;
 		int offset;
 
+		memset(&key->ipv6.nd, 0, sizeof(key->ipv6.nd));
+
 		/* In order to process neighbor discovery options, we need the
 		 * entire packet.
 		 */