From 54223ee25756faa0ced82c5bcb9a8ac633ccdbd8 Mon Sep 17 00:00:00 2001
From: Florin Coras <fcoras@cisco.com>
Date: Wed, 2 Mar 2022 21:06:30 -0800
Subject: vcl: validate vls_epoll_ctl inputs

Type: improvement

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I315ef0122ccb21ccfef117a58b1dc998127618ce
---
 src/vcl/vcl_locked.c | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

(limited to 'src/vcl/vcl_locked.c')

diff --git a/src/vcl/vcl_locked.c b/src/vcl/vcl_locked.c
index 5ec553e2c8b..f6df0fbd5b7 100644
--- a/src/vcl/vcl_locked.c
+++ b/src/vcl/vcl_locked.c
@@ -1481,17 +1481,33 @@ vls_epoll_ctl (vls_handle_t ep_vlsh, int op, vls_handle_t vlsh,
 
   vls_mt_detect ();
   vls_mt_pool_rlock ();
+
   ep_vls = vls_get_and_lock (ep_vlsh);
+  if (PREDICT_FALSE (!ep_vls))
+    {
+      vls_mt_pool_runlock ();
+      return VPPCOM_EBADFD;
+    }
 
   if (vls_mt_session_should_migrate (ep_vls))
     {
       ep_vls = vls_mt_session_migrate (ep_vls);
       if (PREDICT_FALSE (!ep_vls))
-	return VPPCOM_EBADFD;
+	{
+	  vls_mt_pool_runlock ();
+	  return VPPCOM_EBADFD;
+	}
     }
 
-  ep_sh = vls_to_sh (ep_vls);
   vls = vls_get_and_lock (vlsh);
+  if (PREDICT_FALSE (!vls))
+    {
+      vls_unlock (ep_vls);
+      vls_mt_pool_runlock ();
+      return VPPCOM_EBADFD;
+    }
+
+  ep_sh = vls_to_sh (ep_vls);
   sh = vls_to_sh (vls);
 
   vls_epoll_ctl_mp_checks (vls, op);
-- 
cgit 1.2.3-korg