\orchagent\p4orch\tests\acl_manager_test.cpp vulnerability in ip_type_bit_type_lookup #3468

Open
marwanelmessiry opened this issue Jan 14, 2025 · 0 comments


Risk: The provided line of code introduces a potential buffer improper index access vulnerability. This can lead to several security risks:

- Memory Leakage: Reading an array index outside of the array's bounds can leak arbitrary memory, which could contain sensitive information.
- Memory Corruption: Writing to an array index outside of the array's bounds can result in arbitrary memory writes, leading to memory corruption.
- Denial of Service: If the application crashes due to memory corruption, it can lead to a denial of service.
- Arbitrary Code Execution: In some cases, an attacker may exploit this vulnerability to execute arbitrary code.

Cause: The vulnerability arises from the following issue in the code:

Lack of Bounds Checking and Input Validation: The code does not validate the key before adding it to the ip_type_bit_type_lookup map. Specifically, the line acl_table->ip_type_bit_type_lookup["invalid"] = "invalid"; adds a key that is clearly labeled as "invalid", which should not be part of the map. This can lead to unexpected behavior if the key is not well-formed or if it is manipulated by an attacker.
