classify: Fix 2 coverity errors

Validate two tainted scalars, filter_sw_if_index, that
came from an API message.

Type: fix
Change-Id: I3ac8a09f91f380185e36babeaa6330691f7cb24b
Signed-off-by: Jon Loeliger <jdl@netgate.com>

diff --git a/src/vnet/classify/classify_api.c b/src/vnet/classify/classify_api.c
index 0725a9c..24f2887 100644 (file)
--- a/src/vnet/classify/classify_api.c
+++ b/src/vnet/classify/classify_api.c
@@ -237,6 +237,10 @@ vl_api_policer_classify_dump_t_handler (vl_api_policer_classify_dump_t * mp)
     return;
 
   filter_sw_if_index = ntohl (mp->sw_if_index);
+  if (filter_sw_if_index
+      >= vec_len (pcm->classify_table_index_by_sw_if_index[mp->type]))
+    return;
+
   if (filter_sw_if_index != ~0)
     vec_tbl =
       &pcm->classify_table_index_by_sw_if_index[mp->type][filter_sw_if_index];
@@ -519,6 +523,10 @@ vl_api_flow_classify_dump_t_handler (vl_api_flow_classify_dump_t * mp)
     return;
 
   filter_sw_if_index = ntohl (mp->sw_if_index);
+  if (filter_sw_if_index
+      >= vec_len (pcm->classify_table_index_by_sw_if_index[mp->type]))
+    return;
+
   if (filter_sw_if_index != ~0)
     vec_tbl =
       &pcm->classify_table_index_by_sw_if_index[mp->type][filter_sw_if_index];