diff options
author | Pierre Pfister <ppfister@cisco.com> | 2018-11-26 09:29:00 +0100 |
---|---|---|
committer | Damjan Marion <dmarion@me.com> | 2018-11-26 19:53:18 +0000 |
commit | 6221927e9bad39c2856e844f8bc38947cb447f73 (patch) | |
tree | 74679586c0c01819b4ec5ba60a796baa3b69c72d | |
parent | a25def7807fb46bd48462be3ec5c598fc79e2a13 (diff) |
Fix IPSec CLI key parsing
strncpy stops copying when a byte set to 0 is read.
The fix is to use mempcy instead.
This patch also adds spd id to ipsec input trace.
Change-Id: Ibed071d3607fa76c3f6ee065f94128f1aca9b2e2
Signed-off-by: Pierre Pfister <ppfister@cisco.com>
-rw-r--r-- | src/vnet/ipsec/ipsec_cli.c | 4 | ||||
-rw-r--r-- | src/vnet/ipsec/ipsec_input.c | 11 |
2 files changed, 11 insertions, 4 deletions
diff --git a/src/vnet/ipsec/ipsec_cli.c b/src/vnet/ipsec/ipsec_cli.c index ee7dd404a87..9c64822c37f 100644 --- a/src/vnet/ipsec/ipsec_cli.c +++ b/src/vnet/ipsec/ipsec_cli.c @@ -167,10 +167,10 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm, sa.integ_key_len = sizeof (sa.integ_key); if (ck) - strncpy ((char *) sa.crypto_key, (char *) ck, sa.crypto_key_len); + memcpy (sa.crypto_key, ck, sa.crypto_key_len); if (ik) - strncpy ((char *) sa.integ_key, (char *) ik, sa.integ_key_len); + memcpy (sa.integ_key, ik, sa.integ_key_len); if (is_add) { diff --git a/src/vnet/ipsec/ipsec_input.c b/src/vnet/ipsec/ipsec_input.c index 19c3b5bcef1..ef4113a1c09 100644 --- a/src/vnet/ipsec/ipsec_input.c +++ b/src/vnet/ipsec/ipsec_input.c @@ -44,6 +44,7 @@ static char *ipsec_input_error_strings[] = { typedef struct { + u32 spd; u32 sa_id; u32 spi; u32 seq; @@ -65,11 +66,14 @@ format_ipsec_input_trace (u8 * s, va_list * args) if (t->sa_id != 0) { - s = format (s, "esp: sa_id %u spi %u seq %u", t->sa_id, t->spi, t->seq); + s = + format (s, "esp: sa_id %u spd %u spi %u seq %u", t->sa_id, t->spd, + t->spi, t->seq); } else { - s = format (s, "esp: no sa spi %u seq %u", t->spi, t->seq); + s = + format (s, "esp: no sa spd %u spi %u seq %u", t->spd, t->spi, t->seq); } return s; } @@ -269,6 +273,7 @@ VLIB_NODE_FN (ipsec4_input_node) (vlib_main_t * vm, tr->sa_id = p0->sa_id; tr->spi = clib_host_to_net_u32 (esp0->spi); tr->seq = clib_host_to_net_u32 (esp0->seq); + tr->spd = spd0->id; } } @@ -309,6 +314,7 @@ VLIB_NODE_FN (ipsec4_input_node) (vlib_main_t * vm, tr->sa_id = p0->sa_id; tr->spi = clib_host_to_net_u32 (ah0->spi); tr->seq = clib_host_to_net_u32 (ah0->seq_no); + tr->spd = spd0->id; } } } @@ -457,6 +463,7 @@ VLIB_NODE_FN (ipsec6_input_node) (vlib_main_t * vm, tr->sa_id = p0->sa_id; tr->spi = clib_host_to_net_u32 (esp0->spi); tr->seq = clib_host_to_net_u32 (esp0->seq); + tr->spd = spd0->id; } } |