diff options
| author |   Eyal Bari <ebari@cisco.com> | 2018-07-22 12:45:15 +0300 |
|---|---|---|
| committer |   Florin Coras <florin.coras@gmail.com> | 2018-07-24 15:15:25 +0000 |
| commit | 456ded496f93eb8156dc6e7b5a81d4a3aa604f60 (patch) | |
| tree | 426faba1e7096e963e3d36c61d19c0fea9175205 | |
| parent | c16a23c596169e76ee2b5091e2605c543659393d (diff) | |
fix vector index range checks (VPP-1353)
Change-Id: I63c36644c9d93f2c3ec6606ca0205b407499de4e
Signed-off-by: Eyal Bari <ebari@cisco.com>
(cherry picked from commit cd30774fa9280736ffaea3e9a51948593e8eebc2)
Signed-off-by: John Lo <loj@cisco.com>
| -rw-r--r-- | src/plugins/acl/acl.c | 4 | ||||
| -rw-r--r-- | src/plugins/acl/session_inlines.h | 11 | ||||
| -rw-r--r-- | src/plugins/dpdk/device/flow.c | 5 | ||||
| -rw-r--r-- | src/svm/svm_fifo_segment.c | 2 | ||||
| -rw-r--r-- | src/vnet/gre/interface.c | 2 | ||||
| -rw-r--r-- | src/vnet/ip/ip6_neighbor.c | 2 | ||||
| -rw-r--r-- | src/vnet/ipip/ipip.c | 2 | ||||
| -rw-r--r-- | src/vnet/mpls/interface.c | 2 | ||||
| -rw-r--r-- | src/vnet/mpls/mpls_tunnel.c | 2 | ||||
| -rw-r--r-- | src/vnet/unix/gdb_funcs.c | 2 | ||||
| -rw-r--r-- | src/vnet/util/trajectory.c | 2 | ||||
| -rw-r--r-- | src/vnet/vxlan/vxlan.c | 2 |
12 files changed, 16 insertions, 22 deletions
diff --git a/src/plugins/acl/acl.c b/src/plugins/acl/acl.c index 192dc041d55..2076e5cf5c5 100644 --- a/src/plugins/acl/acl.c +++ b/src/plugins/acl/acl.c @@ -1413,7 +1413,7 @@ acl_interface_add_del_inout_acl (u32 sw_if_index, u8 is_add, u8 is_input, } else { - if (sw_if_index > vec_len (*pinout_acl_vec_by_sw_if_index)) + if (sw_if_index >= vec_len (*pinout_acl_vec_by_sw_if_index)) { rv = VNET_API_ERROR_NO_SUCH_ENTRY; goto done; @@ -3452,7 +3452,7 @@ macip_acl_print (acl_main_t * am, u32 macip_acl_index) int i; /* Don't try to print someone else's memory */ - if (macip_acl_index > vec_len (am->macip_acls)) + if (macip_acl_index >= vec_len (am->macip_acls)) return; macip_acl_list_t *a = vec_elt_at_index (am->macip_acls, macip_acl_index); diff --git a/src/plugins/acl/session_inlines.h b/src/plugins/acl/session_inlines.h index 4d5dfe7587a..0d7c1e4ace7 100644 --- a/src/plugins/acl/session_inlines.h +++ b/src/plugins/acl/session_inlines.h @@ -120,15 +120,10 @@ always_inline fa_session_t * get_session_ptr (acl_main_t * am, u16 thread_index, u32 session_index) { acl_fa_per_worker_data_t *pw = &am->per_worker_data[thread_index]; - if (session_index > vec_len (pw->fa_sessions_pool)) - { - return 0; - } + if (session_index >= vec_len (pw->fa_sessions_pool)) + return 0; - fa_session_t *sess = (session_index > vec_len (pw->fa_sessions_pool)) ? 0 : - pool_elt_at_index (pw->fa_sessions_pool, - session_index); - return sess; + return pool_elt_at_index (pw->fa_sessions_pool, session_index); } always_inline int diff --git a/src/plugins/dpdk/device/flow.c b/src/plugins/dpdk/device/flow.c index becd39704b8..351390b6d34 100644 --- a/src/plugins/dpdk/device/flow.c +++ b/src/plugins/dpdk/device/flow.c @@ -368,11 +368,10 @@ format_dpdk_flow (u8 * s, va_list * args) return s; } - fe = vec_elt_at_index (xd->flow_entries, private_data); - - if (!fe) + if (private_data >= vec_len (xd->flow_entries)) return format (s, "unknown flow"); + fe = vec_elt_at_index (xd->flow_entries, private_data); s = format (s, "mark %u", fe->mark); return s; } diff --git a/src/svm/svm_fifo_segment.c b/src/svm/svm_fifo_segment.c index 7c6d80229ad..800278229c9 100644 --- a/src/svm/svm_fifo_segment.c +++ b/src/svm/svm_fifo_segment.c @@ -551,7 +551,7 @@ svm_fifo_segment_num_free_fifos (svm_fifo_segment_private_t * fifo_segment, freelist_index = max_log2 (rounded_data_size) - max_log2 (FIFO_SEGMENT_MIN_FIFO_SIZE); - if (freelist_index > vec_len (fsh->free_fifos)) + if (freelist_index >= vec_len (fsh->free_fifos)) return 0; f = fsh->free_fifos[freelist_index]; diff --git a/src/vnet/gre/interface.c b/src/vnet/gre/interface.c index 0822cd74b52..70c6c4df3b3 100644 --- a/src/vnet/gre/interface.c +++ b/src/vnet/gre/interface.c @@ -135,7 +135,7 @@ gre_tunnel_stack (adj_index_t ai) adj = adj_get (ai); sw_if_index = adj->rewrite_header.sw_if_index; - if ((vec_len (gm->tunnel_index_by_sw_if_index) < sw_if_index) || + if ((vec_len (gm->tunnel_index_by_sw_if_index) <= sw_if_index) || (~0 == gm->tunnel_index_by_sw_if_index[sw_if_index])) return; diff --git a/src/vnet/ip/ip6_neighbor.c b/src/vnet/ip/ip6_neighbor.c index a6227fc413a..e3919383efc 100644 --- a/src/vnet/ip/ip6_neighbor.c +++ b/src/vnet/ip/ip6_neighbor.c @@ -4239,7 +4239,7 @@ ip6_get_ll_address (u32 sw_if_index, ip6_address_t * addr) ip6_radv_t *radv_info; u32 ri; - if (vec_len (nm->if_radv_pool_index_by_sw_if_index) < sw_if_index) + if (vec_len (nm->if_radv_pool_index_by_sw_if_index) <= sw_if_index) return 0; ri = nm->if_radv_pool_index_by_sw_if_index[sw_if_index]; diff --git a/src/vnet/ipip/ipip.c b/src/vnet/ipip/ipip.c index a47704a62e6..c49be099d9a 100644 --- a/src/vnet/ipip/ipip.c +++ b/src/vnet/ipip/ipip.c @@ -355,7 +355,7 @@ ipip_tunnel_t * ipip_tunnel_db_find_by_sw_if_index (u32 sw_if_index) { ipip_main_t *gm = &ipip_main; - if (vec_len (gm->tunnel_index_by_sw_if_index) < sw_if_index) + if (vec_len (gm->tunnel_index_by_sw_if_index) <= sw_if_index) return NULL; u32 ti = gm->tunnel_index_by_sw_if_index[sw_if_index]; if (ti == ~0) diff --git a/src/vnet/mpls/interface.c b/src/vnet/mpls/interface.c index c792d56b12e..ec541f760de 100644 --- a/src/vnet/mpls/interface.c +++ b/src/vnet/mpls/interface.c @@ -29,7 +29,7 @@ mpls_sw_interface_is_enabled (u32 sw_if_index) { mpls_main_t * mm = &mpls_main; - if (vec_len(mm->mpls_enabled_by_sw_if_index) < sw_if_index) + if (vec_len(mm->mpls_enabled_by_sw_if_index) <= sw_if_index) return (0); return (mm->mpls_enabled_by_sw_if_index[sw_if_index]); diff --git a/src/vnet/mpls/mpls_tunnel.c b/src/vnet/mpls/mpls_tunnel.c index a142edf3f0a..84d569bcfee 100644 --- a/src/vnet/mpls/mpls_tunnel.c +++ b/src/vnet/mpls/mpls_tunnel.c @@ -52,7 +52,7 @@ static const char *mpls_tunnel_attribute_names[] = MPLS_TUNNEL_ATTRIBUTES; static mpls_tunnel_t* mpls_tunnel_get_from_sw_if_index (u32 sw_if_index) { - if ((vec_len(mpls_tunnel_db) < sw_if_index) || + if ((vec_len(mpls_tunnel_db) <= sw_if_index) || (~0 == mpls_tunnel_db[sw_if_index])) return (NULL); diff --git a/src/vnet/unix/gdb_funcs.c b/src/vnet/unix/gdb_funcs.c index 41ae3bdca67..d78773edf07 100644 --- a/src/vnet/unix/gdb_funcs.c +++ b/src/vnet/unix/gdb_funcs.c @@ -131,7 +131,7 @@ vlib_runtime_index_to_node_name (u32 index) vlib_main_t *vm = vlib_get_main (); vlib_node_main_t *nm = &vm->node_main; - if (index > vec_len (nm->nodes)) + if (index >= vec_len (nm->nodes)) { fformat (stderr, "%d out of range, max %d\n", vec_len (nm->nodes)); return; diff --git a/src/vnet/util/trajectory.c b/src/vnet/util/trajectory.c index 91812dcba58..2538c7ee64a 100644 --- a/src/vnet/util/trajectory.c +++ b/src/vnet/util/trajectory.c @@ -44,7 +44,7 @@ vnet_dump_trajectory_trace (vlib_main_t * vm, u32 bi) node_index = trace[i]; - if (node_index > vec_len (vnm->nodes)) + if (node_index >= vec_len (vnm->nodes)) { fformat (stderr, "Skip bogus node index %d\n", node_index); continue; diff --git a/src/vnet/vxlan/vxlan.c b/src/vnet/vxlan/vxlan.c index e1ee3486b4b..f0312bed9b1 100644 --- a/src/vnet/vxlan/vxlan.c +++ b/src/vnet/vxlan/vxlan.c @@ -1124,7 +1124,7 @@ vnet_vxlan_get_tunnel_index (u32 sw_if_index) { vxlan_main_t *vxm = &vxlan_main; - if (sw_if_index > vec_len (vxm->tunnel_index_by_sw_if_index)) + if (sw_if_index >= vec_len (vxm->tunnel_index_by_sw_if_index)) return ~0; return vxm->tunnel_index_by_sw_if_index[sw_if_index]; } |