diff options
| author | FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp> | 2017-02-17 14:04:25 +0900 |
|---|---|---|
| committer | FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp> | 2017-02-17 14:04:25 +0900 |
| commit | 564c45b90b959f6159119fd8f28fa6479f40c717 (patch) | |
| tree | bcc9631dadcd27f9dea25be0be72df200a67ddc3 | |
| parent | c0d521333f7be469e4b90877475e8fcb1333acef (diff) | |
table: fix DeletePolicyAssignment() crash with bogus input
len(cur)-len(ps) is negative if the caller tries to remove more than
currently assigned policies.
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
| -rw-r--r-- | table/policy.go | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/table/policy.go b/table/policy.go index 7e3a2246..d1acac4c 100644 --- a/table/policy.go +++ b/table/policy.go @@ -3526,7 +3526,12 @@ func (r *RoutingPolicy) DeletePolicyAssignment(id string, dir PolicyDirection, p } err = r.setDefaultPolicy(id, dir, ROUTE_TYPE_NONE) } else { - n := make([]*Policy, 0, len(cur)-len(ps)) + l := len(cur) - len(ps) + if l < 0 { + // try to remove more than the assigned policies... + l = len(cur) + } + n := make([]*Policy, 0, l) for _, y := range cur { found := false for _, x := range ps { |