authorSteven Luong <sluong@cisco.com>2024-11-06 13:47:26 -0800
committerFlorin Coras <florin.coras@gmail.com>2024-11-08 17:26:46 +0000
commite38d9470742ac9357515d51468ea9a6ab8c9f8f6 (patch)
tree862b4737254917fe37bcb76fc6125db3f1c4213b
parent7fdb6f4ba8dd7f934d2eb212b478086565d3d807 (diff)
session: validate appns index in vnet_session_rule_add_del
vnet_session_rule_add_del may be called with a bogus appns index from the API. Validate the appns index is indeed valid. Type: fix Change-Id: Ife1b5b9ab0b180ececa74008d2ef92045a9e8b58 Signed-off-by: Steven Luong <sluong@cisco.com>
-rw-r--r--src/vnet/session/application_namespace.c8
-rw-r--r--src/vnet/session/application_namespace.h1
-rw-r--r--src/vnet/session/session_lookup.c4
-rw-r--r--test/asf/test_session.py21
4 files changed, 30 insertions, 4 deletions
diff --git a/src/vnet/session/application_namespace.c b/src/vnet/session/application_namespace.c
index 2507f37043c..f5b70a9c4cf 100644
--- a/src/vnet/session/application_namespace.c
+++ b/src/vnet/session/application_namespace.c
@@ -52,6 +52,14 @@ app_namespace_get (u32 index)
}
app_namespace_t *
+app_namespace_get_if_valid (u32 index)
+{
+ if (pool_is_free_index (app_namespace_pool, index))
+ return 0;
+ return pool_elt_at_index (app_namespace_pool, index);
+}
+
+app_namespace_t *
app_namespace_get_from_id (const u8 *ns_id)
{
u32 index = app_namespace_index_from_id (ns_id);
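Review bot: `app_namespace_get_if_valid` has no comment stating its contract, which matters because, unlike the `app_namespace_get` declared next to it, it can return 0. I would add above the definition (or on the prototype in application_namespace.h) `/* Return the namespace at index, or 0 if index is not an allocated element of app_namespace_pool; callers must check the result. */`. Whether an index past the end of the pool is also reported as free depends on `pool_is_free_index`, whose definition is not shown here; that is worth confirming, since the commit message says the index arrives from the API.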
diff --git a/src/vnet/session/application_namespace.h b/src/vnet/session/application_namespace.h
index b441e3c48f2..63ff7cc58a2 100644
--- a/src/vnet/session/application_namespace.h
+++ b/src/vnet/session/application_namespace.h
@@ -77,6 +77,7 @@ typedef struct _vnet_app_namespace_add_del_args
app_namespace_t *app_namespace_alloc (const u8 *ns_id);
app_namespace_t *app_namespace_get (u32 index);
+app_namespace_t *app_namespace_get_if_valid (u32 index);
app_namespace_t *app_namespace_get_from_id (const u8 *ns_id);
u32 app_namespace_index (app_namespace_t * app_ns);
const u8 *app_namespace_id (app_namespace_t * app_ns);
diff --git a/src/vnet/session/session_lookup.c b/src/vnet/session/session_lookup.c
index fa2051aa8ee..3a99c0b5aaf 100644
--- a/src/vnet/session/session_lookup.c
+++ b/src/vnet/session/session_lookup.c
@@ -1383,7 +1383,7 @@ session_lookup_connection (u32 fib_index, ip46_address_t * lcl,
session_error_t
vnet_session_rule_add_del (session_rule_add_del_args_t *args)
{
- app_namespace_t *app_ns = app_namespace_get (args->appns_index);
+ app_namespace_t *app_ns = app_namespace_get_if_valid (args->appns_index);
session_table_t *st;
u32 fib_index;
u8 fib_proto;
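Review bot: `app_ns` can now be 0, and no null check is visible between this declaration and its use in `app_namespace_get_fib_index (app_ns, fib_proto)` in the next hunk. The lines of `vnet_session_rule_add_del` between the two hunks are outside the diff, so confirm that a guard such as `if (!app_ns) return SESSION_E_INVALID;` runs before any scope branch touches `app_ns`. Without it, the change would only trade an invalid pool access for a null dereference instead of returning an error. Other callers that pass API-supplied indices to `app_namespace_get` are not shown and may need the same validating lookup.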
@@ -1404,6 +1404,8 @@ vnet_session_rule_add_del (session_rule_add_del_args_t *args)
fib_proto = args->table_args.rmt.fp_proto;
fib_index = app_namespace_get_fib_index (app_ns, fib_proto);
st = session_table_get_for_fib_index (fib_proto, fib_index);
+ if (!st)
+ return SESSION_E_INVALID;
session_rules_table_init (st, fib_proto);
if ((rv = session_rules_table_add_del (
st->srtg_handle, args->transport_proto, &args->table_args)))
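Review bot: The added `if (!st)` guard covers only this one lookup, and `vnet_session_rule_add_del` continues above and below the hunk. Any other branch in the function that obtains a session table and passes it to `session_rules_table_init` or reads `st->srtg_handle` should get the same check. `fib_proto` is copied from `args->table_args.rmt.fp_proto` and used as a lookup key; its range validation is not visible here and should be confirmed for API-supplied arguments. A one-line comment on the guard, for example `/* no session table for this fib; reject instead of dereferencing */`, would record why the early return exists.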
diff --git a/test/asf/test_session.py b/test/asf/test_session.py
index 7850f2270da..fe8da126195 100644
--- a/test/asf/test_session.py
+++ b/test/asf/test_session.py
@@ -189,9 +189,6 @@ class TestApplicationNamespace(VppAsfTestCase):
self.assertEqual(dump[1].appns_index[0], 0)
self.assertEqual(dump[1].appns_index[1], app0.appns_index)
- self.vapi.app_namespace_add_del_v4(
- namespace_id="0", sw_if_index=self.loop0.sw_if_index, is_add=0
- )
self.vapi.session_rule_add_del(
transport_proto=VppEnum.vl_api_transport_proto_t.TRANSPORT_PROTO_API_TCP,
lcl="172.100.1.1/32",
@@ -203,6 +200,24 @@ class TestApplicationNamespace(VppAsfTestCase):
scope=VppEnum.vl_api_session_rule_scope_t.SESSION_RULE_SCOPE_API_GLOBAL,
is_add=0,
)
+ self.vapi.app_namespace_add_del_v4(
+ namespace_id="0", sw_if_index=self.loop0.sw_if_index, is_add=0
+ )
+
+ # test bad appns index for the API
+ with self.vapi.assert_negative_api_retval():
+ rv = self.vapi.session_rule_add_del(
+ transport_proto=VppEnum.vl_api_transport_proto_t.TRANSPORT_PROTO_API_TCP,
+ lcl="172.100.1.1/32",
+ rmt="172.100.1.2/32",
+ lcl_port=5000,
+ rmt_port=5000,
+ action_index=1,
+ appns_index=10,
+ scope=VppEnum.vl_api_session_rule_scope_t.SESSION_RULE_SCOPE_API_GLOBAL,
+ is_add=1,
+ )
+ self.assertEqual(rv.retval, -1)
@tag_fixme_vpp_workers
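Review bot: The negative case covers only `appns_index=10`, an index presumably never allocated, and not an index that was allocated and then freed, which is the other state the new validity check has to reject. Namespace "0" is deleted just above, so repeating the call with that namespace's former index (apparently `app0.appns_index`, if `app0` is the namespace removed here) would exercise the freed-slot path. The literal `10` relies on the pool staying smaller than that in this test class, so a comment such as `# 10 is beyond any namespace index created in this test` would make the assumption explicit. `self.assertEqual(rv.retval, -1)` pins a bare number; a comment naming the error it corresponds to would help when the return code changes.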