diff options
author | Neale Ranns <nranns@cisco.com> | 2019-04-13 15:30:21 +0000 |
---|---|---|
committer | Damjan Marion <dmarion@me.com> | 2019-04-15 08:36:43 +0000 |
commit | 0a0c7eef787dbf29c8b018420cb9d244cbe8d2dd (patch) | |
tree | 9160b3e6aa457c7e7bcee5c950afffca0d4fd65b /src/vnet/ipsec/esp_decrypt.c | |
parent | 2bccb181c79f56090107b55ed2d0a551cda12643 (diff) |
IPSEC: crypto overflow
decrypting too many bytes.
Change-Id: I4663e70271d9734eda7f9a127967b9224c0e5efc
Signed-off-by: Neale Ranns <nranns@cisco.com>
Diffstat (limited to 'src/vnet/ipsec/esp_decrypt.c')
-rw-r--r-- | src/vnet/ipsec/esp_decrypt.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/vnet/ipsec/esp_decrypt.c b/src/vnet/ipsec/esp_decrypt.c index 1386f4c79fc..c94577a5d5a 100644 --- a/src/vnet/ipsec/esp_decrypt.c +++ b/src/vnet/ipsec/esp_decrypt.c @@ -234,7 +234,7 @@ esp_decrypt_inline (vlib_main_t * vm, op->key = sa0->crypto_key.data; op->iv = payload; op->src = op->dst = payload += cpd.iv_sz; - op->len = len; + op->len = len - cpd.iv_sz; op->user_data = b - bufs; } |