commit 54223ee25756faa0ced82c5bcb9a8ac633ccdbd8
author Florin Coras <fcoras@cisco.com> Wed Mar 02 21:06:30 2022 -0800
committer Dave Barach <openvpp@barachs.net> Thu Mar 03 19:15:43 2022 +0000
tree b6875ff0adcf1639c7427dd839478d5a46bffc67
parent bb5e2fc2c4a37ccc07cc16ed5601c983cd74d8ec

vcl: validate vls_epoll_ctl inputs

Type: improvement

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I315ef0122ccb21ccfef117a58b1dc998127618ce

src/vcl/vcl_locked.c

diff --git a/src/vcl/vcl_locked.c b/src/vcl/vcl_locked.c
index 5ec553e..f6df0fb 100644
--- a/src/vcl/vcl_locked.c
+++ b/src/vcl/vcl_locked.c
@@ -1481,17 +1481,33 @@
 
   vls_mt_detect ();
   vls_mt_pool_rlock ();
+
   ep_vls = vls_get_and_lock (ep_vlsh);
+  if (PREDICT_FALSE (!ep_vls))
+    {
+      vls_mt_pool_runlock ();
+      return VPPCOM_EBADFD;
+    }
 
   if (vls_mt_session_should_migrate (ep_vls))
     {
       ep_vls = vls_mt_session_migrate (ep_vls);
       if (PREDICT_FALSE (!ep_vls))
-	return VPPCOM_EBADFD;
+	{
+	  vls_mt_pool_runlock ();
+	  return VPPCOM_EBADFD;
+	}
+    }
+
+  vls = vls_get_and_lock (vlsh);
+  if (PREDICT_FALSE (!vls))
+    {
+      vls_unlock (ep_vls);
+      vls_mt_pool_runlock ();
+      return VPPCOM_EBADFD;
     }
 
   ep_sh = vls_to_sh (ep_vls);
-  vls = vls_get_and_lock (vlsh);
   sh = vls_to_sh (vls);
 
   vls_epoll_ctl_mp_checks (vls, op);