diff options
author | Benoît Ganne <bganne@cisco.com> | 2019-07-09 13:50:35 +0200 |
---|---|---|
committer | Neale Ranns <nranns@cisco.com> | 2019-07-09 14:32:19 +0000 |
commit | 3f5ebed6ea3a024b7396afe81f895719a8286681 (patch) | |
tree | 0e6bb672366cb1c659ece8e60d39d9275bde6ec7 /src/vnet/fib | |
parent | 57783efb822699ee5acc637580ca855fb9b7e4cc (diff) |
fib: fix urpf_itfs vector overflow
When removing duplicates in urpf_itfs vector we search for the 1st next
different entry in the vector, but the loop test is in the wrong order:
(urpf->furpf_itfs[i] == urpf->furpf_itfs[j]
&& j < vec_len(urpf->furpf_itfs))
We must check for overflow before checking equality.
Type: fix
Fixes: 3ee44040c66cbe47ff292ac7fb0badccbe2afe6d
Change-Id: I63729aff12057d5abce6c24ec24339cd9cd79494
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Diffstat (limited to 'src/vnet/fib')
-rw-r--r-- | src/vnet/fib/fib_urpf_list.c | 61 |
1 files changed, 16 insertions, 45 deletions
diff --git a/src/vnet/fib/fib_urpf_list.c b/src/vnet/fib/fib_urpf_list.c index a895729e91a..bd225142a1d 100644 --- a/src/vnet/fib/fib_urpf_list.c +++ b/src/vnet/fib/fib_urpf_list.c @@ -132,8 +132,7 @@ static int fib_urpf_itf_cmp_for_sort (void * v1, void * v2) { - fib_node_index_t *i1 = v1, *i2 = v2; - + const adj_index_t *i1 = v1, *i2 = v2; return (*i2 < *i1); } @@ -151,49 +150,21 @@ fib_urpf_list_bake (index_t ui) ASSERT(!(urpf->furpf_flags & FIB_URPF_LIST_BAKED)); if (vec_len(urpf->furpf_itfs) > 1) - { - u32 i,j; - - /* - * cat list | sort | uniq > rpf_list - */ - vec_sort_with_function(urpf->furpf_itfs, fib_urpf_itf_cmp_for_sort); - - i = 0, j = 1; - while (j < vec_len(urpf->furpf_itfs)) - { - if (urpf->furpf_itfs[i] == urpf->furpf_itfs[j]) - { - /* - * the itfacenct entries are the same. - * search forward for a unique one - */ - while (urpf->furpf_itfs[i] == urpf->furpf_itfs[j] && - j < vec_len(urpf->furpf_itfs)) - { - j++; - } - if (j == vec_len(urpf->furpf_itfs)) - { - /* - * ran off the end without finding a unique index. - * we are done. - */ - break; - } - else - { - urpf->furpf_itfs[i+1] = urpf->furpf_itfs[j]; - } - } - i++, j++; - } - - /* - * set the length of the vector to the number of unique itfs - */ - _vec_len(urpf->furpf_itfs) = i+1; - } + { + u32 i, j; + /* + * cat list | sort | uniq > rpf_list + */ + /* sort */ + vec_sort_with_function(urpf->furpf_itfs, fib_urpf_itf_cmp_for_sort); + /* remove duplicates */ + i = 0; + for (j=1; j<vec_len(urpf->furpf_itfs); j++) + if (urpf->furpf_itfs[i] != urpf->furpf_itfs[j]) + urpf->furpf_itfs[++i] = urpf->furpf_itfs[j]; + /* set the length of the vector to the number of unique itfs */ + _vec_len(urpf->furpf_itfs) = i+1; + } urpf->furpf_flags |= FIB_URPF_LIST_BAKED; } |