session: validate appns index in vnet_session_rule_add_del 13/41813/2
authorSteven Luong <sluong@cisco.com>
Wed, 6 Nov 2024 21:47:26 +0000 (13:47 -0800)
committerFlorin Coras <florin.coras@gmail.com>
Fri, 8 Nov 2024 17:26:46 +0000 (17:26 +0000)
vnet_session_rule_add_del may be called with a bogus appns index
from the API. Validate the appns index is indeed valid.

Type: fix

Change-Id: Ife1b5b9ab0b180ececa74008d2ef92045a9e8b58
Signed-off-by: Steven Luong <sluong@cisco.com>
src/vnet/session/application_namespace.c
src/vnet/session/application_namespace.h
src/vnet/session/session_lookup.c
test/asf/test_session.py

index 2507f37..f5b70a9 100644 (file)
@@ -51,6 +51,14 @@ app_namespace_get (u32 index)
   return pool_elt_at_index (app_namespace_pool, index);
 }
 
+app_namespace_t *
+app_namespace_get_if_valid (u32 index)
+{
+  if (pool_is_free_index (app_namespace_pool, index))
+    return 0;
+  return pool_elt_at_index (app_namespace_pool, index);
+}
+
 app_namespace_t *
 app_namespace_get_from_id (const u8 *ns_id)
 {
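Review bot: app_namespace_get_if_valid is added without a comment stating its contract, directly below app_namespace_get, which has the same signature but assumes the index is already known to be good. I would add above the new function `/* Returns 0 when index is free or beyond the pool; use this for indices that come from the API or CLI. */` so callers know which accessor to pick and that the result must be checked. The "beyond the pool" half of that sentence relies on pool_is_free_index treating out-of-range indices as free, which is not shown on this page and is worth confirming.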
index b441e3c..63ff7cc 100644 (file)
@@ -77,6 +77,7 @@ typedef struct _vnet_app_namespace_add_del_args
 
 app_namespace_t *app_namespace_alloc (const u8 *ns_id);
 app_namespace_t *app_namespace_get (u32 index);
+app_namespace_t *app_namespace_get_if_valid (u32 index);
 app_namespace_t *app_namespace_get_from_id (const u8 *ns_id);
 u32 app_namespace_index (app_namespace_t * app_ns);
 const u8 *app_namespace_id (app_namespace_t * app_ns);
index fa2051a..3a99c0b 100644 (file)
@@ -1383,7 +1383,7 @@ session_lookup_connection (u32 fib_index, ip46_address_t * lcl,
 session_error_t
 vnet_session_rule_add_del (session_rule_add_del_args_t *args)
 {
-  app_namespace_t *app_ns = app_namespace_get (args->appns_index);
+  app_namespace_t *app_ns = app_namespace_get_if_valid (args->appns_index);
   session_table_t *st;
   u32 fib_index;
   u8 fib_proto;
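Review bot: Switching to app_namespace_get_if_valid only closes the hole if app_ns is tested for NULL before its first use, and that test is not visible in this hunk; the body of vnet_session_rule_add_del continues outside it. The later hunk of this file passes app_ns to app_namespace_get_fib_index, so a guard such as `if (!app_ns) return SESSION_E_INVALID;` (or whichever namespace-specific error the function already returns) has to sit ahead of every scope branch. Please confirm the existing check is there and that it runs before any branch dereferences app_ns.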
@@ -1404,6 +1404,8 @@ vnet_session_rule_add_del (session_rule_add_del_args_t *args)
       fib_proto = args->table_args.rmt.fp_proto;
       fib_index = app_namespace_get_fib_index (app_ns, fib_proto);
       st = session_table_get_for_fib_index (fib_proto, fib_index);
+      if (!st)
+       return SESSION_E_INVALID;
       session_rules_table_init (st, fib_proto);
       if ((rv = session_rules_table_add_del (
             st->srtg_handle, args->transport_proto, &args->table_args)))
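Review bot: The new `if (!st)` guard covers only the table lookup in this branch, and the hunk does not show whether the other scope branch of vnet_session_rule_add_del obtains a session table that is passed to session_rules_table_init and dereferenced without the same check. If that branch can also end up with a null table for an API-supplied namespace, it needs the same `if (!st) return SESSION_E_INVALID;`. A short comment such as `/* no session table for this fib: namespace has no fib for fib_proto */` would also record why the lookup can fail here, if that is indeed the cause.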
index 7850f22..fe8da12 100644 (file)
@@ -189,9 +189,6 @@ class TestApplicationNamespace(VppAsfTestCase):
         self.assertEqual(dump[1].appns_index[0], 0)
         self.assertEqual(dump[1].appns_index[1], app0.appns_index)
 
-        self.vapi.app_namespace_add_del_v4(
-            namespace_id="0", sw_if_index=self.loop0.sw_if_index, is_add=0
-        )
         self.vapi.session_rule_add_del(
             transport_proto=VppEnum.vl_api_transport_proto_t.TRANSPORT_PROTO_API_TCP,
             lcl="172.100.1.1/32",
@@ -203,6 +200,24 @@ class TestApplicationNamespace(VppAsfTestCase):
             scope=VppEnum.vl_api_session_rule_scope_t.SESSION_RULE_SCOPE_API_GLOBAL,
             is_add=0,
         )
+        self.vapi.app_namespace_add_del_v4(
+            namespace_id="0", sw_if_index=self.loop0.sw_if_index, is_add=0
+        )
+
+        # test bad appns index for the API
+        with self.vapi.assert_negative_api_retval():
+            rv = self.vapi.session_rule_add_del(
+                transport_proto=VppEnum.vl_api_transport_proto_t.TRANSPORT_PROTO_API_TCP,
+                lcl="172.100.1.1/32",
+                rmt="172.100.1.2/32",
+                lcl_port=5000,
+                rmt_port=5000,
+                action_index=1,
+                appns_index=10,
+                scope=VppEnum.vl_api_session_rule_scope_t.SESSION_RULE_SCOPE_API_GLOBAL,
+                is_add=1,
+            )
+        self.assertEqual(rv.retval, -1)
 
 
 @tag_fixme_vpp_workers
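Review bot: The negative test uses the literal `appns_index=10`, which is invalid only while fewer than eleven namespaces have been allocated in this VPP instance, and it exercises just the never-allocated case. A second call using the index of the namespace deleted a few lines earlier (possibly `app0.appns_index`, if that is the one removed by `namespace_id="0"`) would cover the allocated-then-freed path that pool_is_free_index is meant to catch. Also, `rv` is bound inside the `with self.vapi.assert_negative_api_retval():` block and read after it, so if the call raises instead of returning, the test fails with an unbound-name error rather than a clear assertion; moving `self.assertEqual(rv.retval, -1)` inside the block avoids that.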