summaryrefslogtreecommitdiffstats
path: root/src/plugins/acl
diff options
context:
space:
mode:
authorEyal Bari <ebari@cisco.com>2018-07-22 12:45:15 +0300
committerJohn Lo <loj@cisco.com>2018-07-23 15:37:01 +0000
commitcd30774fa9280736ffaea3e9a51948593e8eebc2 (patch)
tree3e9e17648b67bd344af21739d8f24504d3d9fccd /src/plugins/acl
parentb7d41fc18e43e4b839b6297d776c4a3e31fd1fb6 (diff)
fix vector index range checks
Change-Id: I63c36644c9d93f2c3ec6606ca0205b407499de4e Signed-off-by: Eyal Bari <ebari@cisco.com>
Diffstat (limited to 'src/plugins/acl')
-rw-r--r--src/plugins/acl/acl.c4
-rw-r--r--src/plugins/acl/session_inlines.h11
2 files changed, 5 insertions, 10 deletions
diff --git a/src/plugins/acl/acl.c b/src/plugins/acl/acl.c
index 56bd530ca72..8f2be5d197b 100644
--- a/src/plugins/acl/acl.c
+++ b/src/plugins/acl/acl.c
@@ -1418,7 +1418,7 @@ acl_interface_add_del_inout_acl (u32 sw_if_index, u8 is_add, u8 is_input,
}
else
{
- if (sw_if_index > vec_len (*pinout_acl_vec_by_sw_if_index))
+ if (sw_if_index >= vec_len (*pinout_acl_vec_by_sw_if_index))
{
rv = VNET_API_ERROR_NO_SUCH_ENTRY;
goto done;
@@ -3457,7 +3457,7 @@ macip_acl_print (acl_main_t * am, u32 macip_acl_index)
int i;
/* Don't try to print someone else's memory */
- if (macip_acl_index > vec_len (am->macip_acls))
+ if (macip_acl_index >= vec_len (am->macip_acls))
return;
macip_acl_list_t *a = vec_elt_at_index (am->macip_acls, macip_acl_index);
diff --git a/src/plugins/acl/session_inlines.h b/src/plugins/acl/session_inlines.h
index 4d5dfe7587a..0d7c1e4ace7 100644
--- a/src/plugins/acl/session_inlines.h
+++ b/src/plugins/acl/session_inlines.h
@@ -120,15 +120,10 @@ always_inline fa_session_t *
get_session_ptr (acl_main_t * am, u16 thread_index, u32 session_index)
{
acl_fa_per_worker_data_t *pw = &am->per_worker_data[thread_index];
- if (session_index > vec_len (pw->fa_sessions_pool))
- {
- return 0;
- }
+ if (session_index >= vec_len (pw->fa_sessions_pool))
+ return 0;
- fa_session_t *sess = (session_index > vec_len (pw->fa_sessions_pool)) ? 0 :
- pool_elt_at_index (pw->fa_sessions_pool,
- session_index);
- return sess;
+ return pool_elt_at_index (pw->fa_sessions_pool, session_index);
}
always_inline int