\orchagent\p4orch\tests\acl_manager_test.cpp vulnerability in udf_group_attr_index_lookup

[marwanelmessiry]

Risk: The provided line of code introduces a potential buffer improper index access vulnerability. This can lead to several security risks:

Memory Leakage: Reading an array index outside of the array's bounds can leak arbitrary memory, which could contain sensitive information.
Memory Corruption: Writing to an array index outside of the array's bounds can result in arbitrary memory writes, leading to memory corruption.
Denial of Service: If the application crashes due to memory corruption, it can lead to a denial of service.
Arbitrary Code Execution: In some cases, an attacker may exploit this vulnerability to execute arbitrary code.
Cause: The vulnerability arises from the following issue in the code:

Lack of Bounds Checking: The code does not ensure that the index used to access the array is within the valid bounds of the array. Specifically, the line acl_table->udf_group_attr_index_lookup["invalid"] = 0; does not check if the key is valid or if the map access is within bounds.