fix vector index range checks

Change-Id: I63c36644c9d93f2c3ec6606ca0205b407499de4e
Signed-off-by: Eyal Bari <ebari@cisco.com>

2 files changed, 5 insertions, 10 deletions

diff --git a/src/plugins/acl/acl.c b/src/plugins/acl/acl.c
index 56bd530ca72..8f2be5d197b 100644
--- a/src/plugins/acl/acl.c
+++ b/src/plugins/acl/acl.c
@@ -1418,7 +1418,7 @@ acl_interface_add_del_inout_acl (u32 sw_if_index, u8 is_add, u8 is_input,
     }
   else
     {
-      if (sw_if_index > vec_len (*pinout_acl_vec_by_sw_if_index))
+      if (sw_if_index >= vec_len (*pinout_acl_vec_by_sw_if_index))
 	{
 	  rv = VNET_API_ERROR_NO_SUCH_ENTRY;
 	  goto done;
@@ -3457,7 +3457,7 @@ macip_acl_print (acl_main_t * am, u32 macip_acl_index)
   int i;
 
   /* Don't try to print someone else's memory */
-  if (macip_acl_index > vec_len (am->macip_acls))
+  if (macip_acl_index >= vec_len (am->macip_acls))
     return;
 
   macip_acl_list_t *a = vec_elt_at_index (am->macip_acls, macip_acl_index);
diff --git a/src/plugins/acl/session_inlines.h b/src/plugins/acl/session_inlines.h
index 4d5dfe7587a..0d7c1e4ace7 100644
--- a/src/plugins/acl/session_inlines.h
+++ b/src/plugins/acl/session_inlines.h
@@ -120,15 +120,10 @@ always_inline fa_session_t *
 get_session_ptr (acl_main_t * am, u16 thread_index, u32 session_index)
 {
   acl_fa_per_worker_data_t *pw = &am->per_worker_data[thread_index];
-  if (session_index > vec_len (pw->fa_sessions_pool))
-    {
-      return 0;
-    }
+  if (session_index >= vec_len (pw->fa_sessions_pool))
+    return 0;
 
-  fa_session_t *sess = (session_index > vec_len (pw->fa_sessions_pool)) ? 0 :
-    pool_elt_at_index (pw->fa_sessions_pool,
-		       session_index);
-  return sess;
+  return pool_elt_at_index (pw->fa_sessions_pool, session_index);
 }
 
 always_inline int