Code Review
/
vpp.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
review
|
tree
raw
|
inline
| side by side
acl: fix the integer overflow bug in API message length validation logic
[vpp.git]
/
src
/
plugins
/
acl
/
acl.c
diff --git
a/src/plugins/acl/acl.c
b/src/plugins/acl/acl.c
index
ba4243c
..
dcca2a2
100644
(file)
--- a/
src/plugins/acl/acl.c
+++ b/
src/plugins/acl/acl.c
@@
-1772,7
+1772,7
@@
macip_acl_interface_add_del_acl (u32 sw_if_index, u8 is_add,
*
*/
static int
*
*/
static int
-verify_message_len (void *mp, u
32
expected_len, char *where)
+verify_message_len (void *mp, u
64
expected_len, char *where)
{
u32 supplied_len = vl_msg_api_get_msg_length (mp);
if (supplied_len < expected_len)
{
u32 supplied_len = vl_msg_api_get_msg_length (mp);
if (supplied_len < expected_len)
@@
-1796,7
+1796,7
@@
vl_api_acl_add_replace_t_handler (vl_api_acl_add_replace_t * mp)
int rv;
u32 acl_list_index = ntohl (mp->acl_index);
u32 acl_count = ntohl (mp->count);
int rv;
u32 acl_list_index = ntohl (mp->acl_index);
u32 acl_count = ntohl (mp->count);
- u
32
expected_len = sizeof (*mp) + acl_count * sizeof (mp->r[0]);
+ u
64
expected_len = sizeof (*mp) + acl_count * sizeof (mp->r[0]);
if (verify_message_len (mp, expected_len, "acl_add_replace"))
{
if (verify_message_len (mp, expected_len, "acl_add_replace"))
{
@@
-2085,7
+2085,7
@@
vl_api_macip_acl_add_t_handler (vl_api_macip_acl_add_t * mp)
int rv;
u32 acl_list_index = ~0;
u32 acl_count = ntohl (mp->count);
int rv;
u32 acl_list_index = ~0;
u32 acl_count = ntohl (mp->count);
- u
32
expected_len = sizeof (*mp) + acl_count * sizeof (mp->r[0]);
+ u
64
expected_len = sizeof (*mp) + acl_count * sizeof (mp->r[0]);
if (verify_message_len (mp, expected_len, "macip_acl_add"))
{
if (verify_message_len (mp, expected_len, "macip_acl_add"))
{
@@
-2112,7
+2112,7
@@
vl_api_macip_acl_add_replace_t_handler (vl_api_macip_acl_add_replace_t * mp)
int rv;
u32 acl_list_index = ntohl (mp->acl_index);
u32 acl_count = ntohl (mp->count);
int rv;
u32 acl_list_index = ntohl (mp->acl_index);
u32 acl_count = ntohl (mp->count);
- u
32
expected_len = sizeof (*mp) + acl_count * sizeof (mp->r[0]);
+ u
64
expected_len = sizeof (*mp) + acl_count * sizeof (mp->r[0]);
if (verify_message_len (mp, expected_len, "macip_acl_add_replace"))
{
if (verify_message_len (mp, expected_len, "macip_acl_add_replace"))
{