From e38d9470742ac9357515d51468ea9a6ab8c9f8f6 Mon Sep 17 00:00:00 2001
From: Steven Luong <sluong@cisco.com>
Date: Wed, 6 Nov 2024 13:47:26 -0800
Subject: session: validate appns index in vnet_session_rule_add_del

vnet_session_rule_add_del may be called with a bogus appns index
from the API. Validate the appns index is indeed valid.

Type: fix

Change-Id: Ife1b5b9ab0b180ececa74008d2ef92045a9e8b58
Signed-off-by: Steven Luong <sluong@cisco.com>
---
 src/vnet/session/application_namespace.c | 8 ++++++++
 src/vnet/session/application_namespace.h | 1 +
 src/vnet/session/session_lookup.c        | 4 +++-
 3 files changed, 12 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/vnet/session/application_namespace.c b/src/vnet/session/application_namespace.c
index 2507f37043c..f5b70a9c4cf 100644
--- a/src/vnet/session/application_namespace.c
+++ b/src/vnet/session/application_namespace.c
@@ -51,6 +51,14 @@ app_namespace_get (u32 index)
   return pool_elt_at_index (app_namespace_pool, index);
 }
 
+app_namespace_t *
+app_namespace_get_if_valid (u32 index)
+{
+  if (pool_is_free_index (app_namespace_pool, index))
+    return 0;
+  return pool_elt_at_index (app_namespace_pool, index);
+}
+
 app_namespace_t *
 app_namespace_get_from_id (const u8 *ns_id)
 {
diff --git a/src/vnet/session/application_namespace.h b/src/vnet/session/application_namespace.h
index b441e3c48f2..63ff7cc58a2 100644
--- a/src/vnet/session/application_namespace.h
+++ b/src/vnet/session/application_namespace.h
@@ -77,6 +77,7 @@ typedef struct _vnet_app_namespace_add_del_args
 
 app_namespace_t *app_namespace_alloc (const u8 *ns_id);
 app_namespace_t *app_namespace_get (u32 index);
+app_namespace_t *app_namespace_get_if_valid (u32 index);
 app_namespace_t *app_namespace_get_from_id (const u8 *ns_id);
 u32 app_namespace_index (app_namespace_t * app_ns);
 const u8 *app_namespace_id (app_namespace_t * app_ns);
diff --git a/src/vnet/session/session_lookup.c b/src/vnet/session/session_lookup.c
index fa2051aa8ee..3a99c0b5aaf 100644
--- a/src/vnet/session/session_lookup.c
+++ b/src/vnet/session/session_lookup.c
@@ -1383,7 +1383,7 @@ session_lookup_connection (u32 fib_index, ip46_address_t * lcl,
 session_error_t
 vnet_session_rule_add_del (session_rule_add_del_args_t *args)
 {
-  app_namespace_t *app_ns = app_namespace_get (args->appns_index);
+  app_namespace_t *app_ns = app_namespace_get_if_valid (args->appns_index);
   session_table_t *st;
   u32 fib_index;
   u8 fib_proto;
@@ -1404,6 +1404,8 @@ vnet_session_rule_add_del (session_rule_add_del_args_t *args)
       fib_proto = args->table_args.rmt.fp_proto;
       fib_index = app_namespace_get_fib_index (app_ns, fib_proto);
       st = session_table_get_for_fib_index (fib_proto, fib_index);
+      if (!st)
+	return SESSION_E_INVALID;
       session_rules_table_init (st, fib_proto);
       if ((rv = session_rules_table_add_del (
 	     st->srtg_handle, args->transport_proto, &args->table_args)))
-- 
cgit 1.2.3-korg