aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet/ipsec/esp_decrypt.c
diff options
context:
space:
mode:
authorNeale Ranns <nranns@cisco.com>2019-04-13 15:30:21 +0000
committerDamjan Marion <dmarion@me.com>2019-04-15 08:36:43 +0000
commit0a0c7eef787dbf29c8b018420cb9d244cbe8d2dd (patch)
tree9160b3e6aa457c7e7bcee5c950afffca0d4fd65b /src/vnet/ipsec/esp_decrypt.c
parent2bccb181c79f56090107b55ed2d0a551cda12643 (diff)
IPSEC: crypto overflow
decrypting too many bytes. Change-Id: I4663e70271d9734eda7f9a127967b9224c0e5efc Signed-off-by: Neale Ranns <nranns@cisco.com>
Diffstat (limited to 'src/vnet/ipsec/esp_decrypt.c')
-rw-r--r--src/vnet/ipsec/esp_decrypt.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/vnet/ipsec/esp_decrypt.c b/src/vnet/ipsec/esp_decrypt.c
index 1386f4c79fc..c94577a5d5a 100644
--- a/src/vnet/ipsec/esp_decrypt.c
+++ b/src/vnet/ipsec/esp_decrypt.c
@@ -234,7 +234,7 @@ esp_decrypt_inline (vlib_main_t * vm,
op->key = sa0->crypto_key.data;
op->iv = payload;
op->src = op->dst = payload += cpd.iv_sz;
- op->len = len;
+ op->len = len - cpd.iv_sz;
op->user_data = b - bufs;
}