From 42188537172f4e1e633a0fb36ace5a522c730a32 Mon Sep 17 00:00:00 2001
From: Roey Chen <roeyc@vmware.com>
Date: Fri, 24 Jul 2015 11:17:19 -0700
Subject: [PATCH] Fixing ICMP type and code validation

The case where type is not specifed (None) but the code is '0' will not
result in an error, as it should.

APIImpact

Closes-Bug: #1480966
Change-Id: I878b13ec46a93947765227c40282efa9a7e02ca8
---
 neutron/db/securitygroups_db.py                    |  2 +-
 .../tests/unit/extensions/test_securitygroup.py    | 14 ++++++++------
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/neutron/db/securitygroups_db.py b/neutron/db/securitygroups_db.py
index 49b4f0913..bc5ad3a42 100644
--- a/neutron/db/securitygroups_db.py
+++ b/neutron/db/securitygroups_db.py
@@ -441,7 +441,7 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
                     raise ext_sg.SecurityGroupInvalidIcmpValue(
                         field=field, attr=attr, value=rule[attr])
             if (rule['port_range_min'] is None and
-                    rule['port_range_max']):
+                    rule['port_range_max'] is not None):
                 raise ext_sg.SecurityGroupMissingIcmpType(
                     value=rule['port_range_max'])
 
diff --git a/neutron/tests/unit/extensions/test_securitygroup.py b/neutron/tests/unit/extensions/test_securitygroup.py
index 44e816ba0..7ff4c2b20 100644
--- a/neutron/tests/unit/extensions/test_securitygroup.py
+++ b/neutron/tests/unit/extensions/test_securitygroup.py
@@ -1029,12 +1029,14 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
         with self.security_group(name, description) as sg:
             security_group_id = sg['security_group']['id']
             with self.security_group_rule(security_group_id):
-                rule = self._build_security_group_rule(
-                    sg['security_group']['id'], 'ingress',
-                    const.PROTO_NAME_ICMP, None, '2')
-                res = self._create_security_group_rule(self.fmt, rule)
-                self.deserialize(self.fmt, res)
-                self.assertEqual(res.status_int, webob.exc.HTTPBadRequest.code)
+                for code in ['2', '0']:
+                    rule = self._build_security_group_rule(
+                        sg['security_group']['id'], 'ingress',
+                        const.PROTO_NAME_ICMP, None, code)
+                    res = self._create_security_group_rule(self.fmt, rule)
+                    self.deserialize(self.fmt, res)
+                    self.assertEqual(res.status_int,
+                                     webob.exc.HTTPBadRequest.code)
 
     def test_list_ports_security_group(self):
         with self.network() as n:
-- 
2.45.2