From 9dec76be0f7a255f60ed64ed3f8dad7edc4fb83e Mon Sep 17 00:00:00 2001 From: Dave Wallace Date: Mon, 22 Jan 2024 23:05:39 -0500 Subject: fib: coverity 335348 out-of-bounds access - also fix memory leak in adj_glean_walk_proto() Type: fix Change-Id: I3cd72b14506e6bfc9d8d77a65d7b9b2703992367 Signed-off-by: Dave Wallace --- src/vnet/adj/adj_glean.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/vnet/adj/adj_glean.c b/src/vnet/adj/adj_glean.c index 0313407b6f1..ceece0d74ed 100644 --- a/src/vnet/adj/adj_glean.c +++ b/src/vnet/adj/adj_glean.c @@ -45,7 +45,7 @@ adj_glean_db_lookup (fib_protocol_t proto, { uword *p; - if (vec_len(adj_gleans[proto]) <= sw_if_index) + if ((proto >= FIB_PROTOCOL_IP_MAX) || vec_len(adj_gleans[proto]) <= sw_if_index) return (ADJ_INDEX_INVALID); p = hash_get_mem (adj_gleans[proto][sw_if_index], nh_addr); @@ -66,6 +66,7 @@ adj_glean_db_insert (fib_protocol_t proto, vlib_worker_thread_barrier_sync(vm); + ASSERT(proto < FIB_PROTOCOL_IP_MAX); vec_validate(adj_gleans[proto], sw_if_index); if (NULL == adj_gleans[proto][sw_if_index]) @@ -195,6 +196,7 @@ adj_glean_walk_proto (fib_protocol_t proto, adj_index_t ai, *aip, *ais = NULL; ip46_address_t *conn; + ASSERT(proto < FIB_PROTOCOL_IP_MAX); if (vec_len(adj_gleans[proto]) <= sw_if_index || NULL == adj_gleans[proto][sw_if_index]) return; @@ -212,7 +214,7 @@ adj_glean_walk_proto (fib_protocol_t proto, vec_foreach(aip, ais) { if (ADJ_WALK_RC_STOP == cb(*aip, data)) - return; + break; } vec_free(ais); } @@ -244,6 +246,7 @@ adj_glean_get (fib_protocol_t proto, ip46_address_t *conn; adj_index_t ai; + ASSERT(proto < FIB_PROTOCOL_IP_MAX); if (vec_len(adj_gleans[proto]) <= sw_if_index || NULL == adj_gleans[proto][sw_if_index]) return (ADJ_INDEX_INVALID); @@ -265,6 +268,7 @@ adj_glean_get_src (fib_protocol_t proto, const ip_adjacency_t *adj; adj_index_t ai; + ASSERT(proto < FIB_PROTOCOL_IP_MAX); if (vec_len(adj_gleans[proto]) <= sw_if_index || NULL == adj_gleans[proto][sw_if_index]) return (NULL); -- cgit 1.2.3-korg