From: Eyal Bari <ebari@cisco.com>
Date: Sun, 22 Jul 2018 09:45:15 +0000 (+0300)
Subject: fix vector index range checks
X-Git-Tag: v18.10-rc1~553
X-Git-Url: https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commitdiff_plain;h=cd30774fa9280736ffaea3e9a51948593e8eebc2

fix vector index range checks

Change-Id: I63c36644c9d93f2c3ec6606ca0205b407499de4e
Signed-off-by: Eyal Bari <ebari@cisco.com>
---

diff --git a/src/plugins/acl/acl.c b/src/plugins/acl/acl.c
index 56bd530ca72..8f2be5d197b 100644
--- a/src/plugins/acl/acl.c
+++ b/src/plugins/acl/acl.c
@@ -1418,7 +1418,7 @@ acl_interface_add_del_inout_acl (u32 sw_if_index, u8 is_add, u8 is_input,
     }
   else
     {
-      if (sw_if_index > vec_len (*pinout_acl_vec_by_sw_if_index))
+      if (sw_if_index >= vec_len (*pinout_acl_vec_by_sw_if_index))
 	{
 	  rv = VNET_API_ERROR_NO_SUCH_ENTRY;
 	  goto done;
@@ -3457,7 +3457,7 @@ macip_acl_print (acl_main_t * am, u32 macip_acl_index)
   int i;
 
   /* Don't try to print someone else's memory */
-  if (macip_acl_index > vec_len (am->macip_acls))
+  if (macip_acl_index >= vec_len (am->macip_acls))
     return;
 
   macip_acl_list_t *a = vec_elt_at_index (am->macip_acls, macip_acl_index);
diff --git a/src/plugins/acl/session_inlines.h b/src/plugins/acl/session_inlines.h
index 4d5dfe7587a..0d7c1e4ace7 100644
--- a/src/plugins/acl/session_inlines.h
+++ b/src/plugins/acl/session_inlines.h
@@ -120,15 +120,10 @@ always_inline fa_session_t *
 get_session_ptr (acl_main_t * am, u16 thread_index, u32 session_index)
 {
   acl_fa_per_worker_data_t *pw = &am->per_worker_data[thread_index];
-  if (session_index > vec_len (pw->fa_sessions_pool))
-    {
-      return 0;
-    }
+  if (session_index >= vec_len (pw->fa_sessions_pool))
+    return 0;
 
-  fa_session_t *sess = (session_index > vec_len (pw->fa_sessions_pool)) ? 0 :
-    pool_elt_at_index (pw->fa_sessions_pool,
-		       session_index);
-  return sess;
+  return pool_elt_at_index (pw->fa_sessions_pool, session_index);
 }
 
 always_inline int
diff --git a/src/plugins/dpdk/device/flow.c b/src/plugins/dpdk/device/flow.c
index 31818f1c447..351390b6d34 100644
--- a/src/plugins/dpdk/device/flow.c
+++ b/src/plugins/dpdk/device/flow.c
@@ -368,7 +368,7 @@ format_dpdk_flow (u8 * s, va_list * args)
       return s;
     }
 
-  if (private_data > vec_len (xd->flow_entries))
+  if (private_data >= vec_len (xd->flow_entries))
     return format (s, "unknown flow");
 
   fe = vec_elt_at_index (xd->flow_entries, private_data);
diff --git a/src/svm/svm_fifo_segment.c b/src/svm/svm_fifo_segment.c
index ce1d5a0eab1..a3181ee1e28 100644
--- a/src/svm/svm_fifo_segment.c
+++ b/src/svm/svm_fifo_segment.c
@@ -562,7 +562,7 @@ svm_fifo_segment_num_free_fifos (svm_fifo_segment_private_t * fifo_segment,
   freelist_index = max_log2 (rounded_data_size)
     - max_log2 (FIFO_SEGMENT_MIN_FIFO_SIZE);
 
-  if (freelist_index > vec_len (fsh->free_fifos))
+  if (freelist_index >= vec_len (fsh->free_fifos))
     return 0;
 
   f = fsh->free_fifos[freelist_index];
diff --git a/src/vnet/gre/interface.c b/src/vnet/gre/interface.c
index 0822cd74b52..70c6c4df3b3 100644
--- a/src/vnet/gre/interface.c
+++ b/src/vnet/gre/interface.c
@@ -135,7 +135,7 @@ gre_tunnel_stack (adj_index_t ai)
   adj = adj_get (ai);
   sw_if_index = adj->rewrite_header.sw_if_index;
 
-  if ((vec_len (gm->tunnel_index_by_sw_if_index) < sw_if_index) ||
+  if ((vec_len (gm->tunnel_index_by_sw_if_index) <= sw_if_index) ||
       (~0 == gm->tunnel_index_by_sw_if_index[sw_if_index]))
     return;
 
diff --git a/src/vnet/ip/ip6_neighbor.c b/src/vnet/ip/ip6_neighbor.c
index 7c7a7069e89..6227ed6dfb0 100644
--- a/src/vnet/ip/ip6_neighbor.c
+++ b/src/vnet/ip/ip6_neighbor.c
@@ -4247,7 +4247,7 @@ ip6_get_ll_address (u32 sw_if_index, ip6_address_t * addr)
   ip6_radv_t *radv_info;
   u32 ri;
 
-  if (vec_len (nm->if_radv_pool_index_by_sw_if_index) < sw_if_index)
+  if (vec_len (nm->if_radv_pool_index_by_sw_if_index) <= sw_if_index)
     return 0;
 
   ri = nm->if_radv_pool_index_by_sw_if_index[sw_if_index];
diff --git a/src/vnet/ipip/ipip.c b/src/vnet/ipip/ipip.c
index a47704a62e6..c49be099d9a 100644
--- a/src/vnet/ipip/ipip.c
+++ b/src/vnet/ipip/ipip.c
@@ -355,7 +355,7 @@ ipip_tunnel_t *
 ipip_tunnel_db_find_by_sw_if_index (u32 sw_if_index)
 {
   ipip_main_t *gm = &ipip_main;
-  if (vec_len (gm->tunnel_index_by_sw_if_index) < sw_if_index)
+  if (vec_len (gm->tunnel_index_by_sw_if_index) <= sw_if_index)
     return NULL;
   u32 ti = gm->tunnel_index_by_sw_if_index[sw_if_index];
   if (ti == ~0)
diff --git a/src/vnet/mpls/interface.c b/src/vnet/mpls/interface.c
index c792d56b12e..ec541f760de 100644
--- a/src/vnet/mpls/interface.c
+++ b/src/vnet/mpls/interface.c
@@ -29,7 +29,7 @@ mpls_sw_interface_is_enabled (u32 sw_if_index)
 {
     mpls_main_t * mm = &mpls_main;
 
-    if (vec_len(mm->mpls_enabled_by_sw_if_index) < sw_if_index)
+    if (vec_len(mm->mpls_enabled_by_sw_if_index) <= sw_if_index)
         return (0);
 
     return (mm->mpls_enabled_by_sw_if_index[sw_if_index]);
diff --git a/src/vnet/mpls/mpls_tunnel.c b/src/vnet/mpls/mpls_tunnel.c
index d3faeac6a0d..1d2614ca248 100644
--- a/src/vnet/mpls/mpls_tunnel.c
+++ b/src/vnet/mpls/mpls_tunnel.c
@@ -52,7 +52,7 @@ static const char *mpls_tunnel_attribute_names[] = MPLS_TUNNEL_ATTRIBUTES;
 static mpls_tunnel_t*
 mpls_tunnel_get_from_sw_if_index (u32 sw_if_index)
 {
-    if ((vec_len(mpls_tunnel_db) < sw_if_index) ||
+    if ((vec_len(mpls_tunnel_db) <= sw_if_index) ||
         (~0 == mpls_tunnel_db[sw_if_index]))
         return (NULL);
 
diff --git a/src/vnet/unix/gdb_funcs.c b/src/vnet/unix/gdb_funcs.c
index 41ae3bdca67..d78773edf07 100644
--- a/src/vnet/unix/gdb_funcs.c
+++ b/src/vnet/unix/gdb_funcs.c
@@ -131,7 +131,7 @@ vlib_runtime_index_to_node_name (u32 index)
   vlib_main_t *vm = vlib_get_main ();
   vlib_node_main_t *nm = &vm->node_main;
 
-  if (index > vec_len (nm->nodes))
+  if (index >= vec_len (nm->nodes))
     {
       fformat (stderr, "%d out of range, max %d\n", vec_len (nm->nodes));
       return;
diff --git a/src/vnet/util/trajectory.c b/src/vnet/util/trajectory.c
index 91812dcba58..2538c7ee64a 100644
--- a/src/vnet/util/trajectory.c
+++ b/src/vnet/util/trajectory.c
@@ -44,7 +44,7 @@ vnet_dump_trajectory_trace (vlib_main_t * vm, u32 bi)
 
       node_index = trace[i];
 
-      if (node_index > vec_len (vnm->nodes))
+      if (node_index >= vec_len (vnm->nodes))
 	{
 	  fformat (stderr, "Skip bogus node index %d\n", node_index);
 	  continue;
diff --git a/src/vnet/vxlan/vxlan.c b/src/vnet/vxlan/vxlan.c
index e1ee3486b4b..f0312bed9b1 100644
--- a/src/vnet/vxlan/vxlan.c
+++ b/src/vnet/vxlan/vxlan.c
@@ -1124,7 +1124,7 @@ vnet_vxlan_get_tunnel_index (u32 sw_if_index)
 {
   vxlan_main_t *vxm = &vxlan_main;
 
-  if (sw_if_index > vec_len (vxm->tunnel_index_by_sw_if_index))
+  if (sw_if_index >= vec_len (vxm->tunnel_index_by_sw_if_index))
     return ~0;
   return vxm->tunnel_index_by_sw_if_index[sw_if_index];
 }