aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet/ipsec
diff options
context:
space:
mode:
authorNeale Ranns <nranns@cisco.com>2019-04-13 15:30:21 +0000
committerNeale Ranns <nranns@cisco.com>2019-04-15 19:58:31 +0000
commit8f63c2ebe655e7cd27236f2327d2e9082f782f9b (patch)
treeb73aee893967268414c8c722aca0aa11eadf2b70 /src/vnet/ipsec
parent740ef6d02470aa9bd0a6dc490489b7269f3084f5 (diff)
IPSEC: crypto overflow
decrypting too many bytes. Change-Id: I4663e70271d9734eda7f9a127967b9224c0e5efc Signed-off-by: Neale Ranns <nranns@cisco.com> (cherry picked from commit 0a0c7eef787dbf29c8b018420cb9d244cbe8d2dd)
Diffstat (limited to 'src/vnet/ipsec')
-rw-r--r--src/vnet/ipsec/esp_decrypt.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/vnet/ipsec/esp_decrypt.c b/src/vnet/ipsec/esp_decrypt.c
index fc4a99a873d..759b1d9651c 100644
--- a/src/vnet/ipsec/esp_decrypt.c
+++ b/src/vnet/ipsec/esp_decrypt.c
@@ -234,7 +234,7 @@ esp_decrypt_inline (vlib_main_t * vm,
op->key = sa0->crypto_key.data;
op->iv = payload;
op->src = op->dst = payload += cpd.iv_sz;
- op->len = len;
+ op->len = len - cpd.iv_sz;
op->user_data = b - bufs;
}