diff options
author | Christian Hopps <chopps@labn.net> | 2020-07-14 08:39:30 -0400 |
---|---|---|
committer | Damjan Marion <dmarion@me.com> | 2020-09-08 17:12:22 +0000 |
commit | f6cb04460465d48a155aa3363106a82d160c7328 (patch) | |
tree | 4614e7d364d975ec224b12ec188b9f692fcce32d /src/plugins | |
parent | cd64f7395128084c4b92268f0a1dc1ec0bc08f86 (diff) |
dpdk-ipsec: don't leak buffers on crypto alloc failure
Type: fix
Signed-off-by: Christian Hopps <chopps@labn.net>
Change-Id: I4dee2ea723631e1bd95b33a74b9431d984565aef
Diffstat (limited to 'src/plugins')
-rw-r--r-- | src/plugins/dpdk/ipsec/esp_decrypt.c | 7 | ||||
-rw-r--r-- | src/plugins/dpdk/ipsec/esp_encrypt.c | 7 |
2 files changed, 8 insertions, 6 deletions
diff --git a/src/plugins/dpdk/ipsec/esp_decrypt.c b/src/plugins/dpdk/ipsec/esp_decrypt.c index d7817100e4c..dcf7fda915c 100644 --- a/src/plugins/dpdk/ipsec/esp_decrypt.c +++ b/src/plugins/dpdk/ipsec/esp_decrypt.c @@ -45,7 +45,7 @@ typedef enum _(REPLAY, "SA replayed packet") \ _(NOT_IP, "Not IP packet (dropped)") \ _(ENQ_FAIL, "Enqueue decrypt failed (queue full)") \ - _(DISCARD, "Not enough crypto operations, discarding frame") \ + _(DISCARD, "Not enough crypto operations") \ _(BAD_LEN, "Invalid ciphertext length") \ _(SESSION, "Failed to get crypto session") \ _(NOSUP, "Cipher/Auth not supported") @@ -121,11 +121,12 @@ dpdk_esp_decrypt_inline (vlib_main_t * vm, { if (is_ip6) vlib_node_increment_counter (vm, dpdk_esp6_decrypt_node.index, - ESP_DECRYPT_ERROR_DISCARD, 1); + ESP_DECRYPT_ERROR_DISCARD, n_left_from); else vlib_node_increment_counter (vm, dpdk_esp4_decrypt_node.index, - ESP_DECRYPT_ERROR_DISCARD, 1); + ESP_DECRYPT_ERROR_DISCARD, n_left_from); /* Discard whole frame */ + vlib_buffer_free (vm, from, n_left_from); return n_left_from; } diff --git a/src/plugins/dpdk/ipsec/esp_encrypt.c b/src/plugins/dpdk/ipsec/esp_encrypt.c index e78cb2d88d4..d6a55ecfc25 100644 --- a/src/plugins/dpdk/ipsec/esp_encrypt.c +++ b/src/plugins/dpdk/ipsec/esp_encrypt.c @@ -46,7 +46,7 @@ typedef enum _(RX_PKTS, "ESP pkts received") \ _(SEQ_CYCLED, "Sequence number cycled") \ _(ENQ_FAIL, "Enqueue encrypt failed (queue full)") \ - _(DISCARD, "Not enough crypto operations, discarding frame") \ + _(DISCARD, "Not enough crypto operations") \ _(SESSION, "Failed to get crypto session") \ _(NOSUP, "Cipher/Auth not supported") @@ -141,11 +141,12 @@ dpdk_esp_encrypt_inline (vlib_main_t * vm, { if (is_ip6) vlib_node_increment_counter (vm, dpdk_esp6_encrypt_node.index, - ESP_ENCRYPT_ERROR_DISCARD, 1); + ESP_ENCRYPT_ERROR_DISCARD, n_left_from); else vlib_node_increment_counter (vm, dpdk_esp4_encrypt_node.index, - ESP_ENCRYPT_ERROR_DISCARD, 1); + ESP_ENCRYPT_ERROR_DISCARD, n_left_from); /* Discard whole frame */ + vlib_buffer_free (vm, from, n_left_from); return n_left_from; } |