aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet/ipsec
diff options
context:
space:
mode:
authorBenoît Ganne <bganne@cisco.com>2021-06-14 17:23:56 +0200
committerNeale Ranns <neale@graphiant.com>2021-06-15 13:37:41 +0000
commit217ba5a9dee79b37099aac8bb262337dc893915a (patch)
treec35a29c5bfc5990d0b219ef32143150bbb441f67 /src/vnet/ipsec
parent7e78119c257579731c8902556b4a197c3fc3e92e (diff)
ipsec: fix length check when adding footer+icv
Length check must also take current_data into account. Type: fix Change-Id: I7a1b1752868892d40f59490d05452ef24565cca6 Signed-off-by: Benoît Ganne <bganne@cisco.com>
Diffstat (limited to 'src/vnet/ipsec')
-rw-r--r--src/vnet/ipsec/esp_encrypt.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/vnet/ipsec/esp_encrypt.c b/src/vnet/ipsec/esp_encrypt.c
index 30c2bf9a8ac..68aeb60885c 100644
--- a/src/vnet/ipsec/esp_encrypt.c
+++ b/src/vnet/ipsec/esp_encrypt.c
@@ -129,7 +129,8 @@ esp_add_footer_and_icv (vlib_main_t *vm, vlib_buffer_t **last, u8 esp_align,
last[0]->current_length + pad_bytes);
u16 tail_sz = sizeof (esp_footer_t) + pad_bytes + icv_sz;
- if (last[0]->current_length + tail_sz > buffer_data_size)
+ if (last[0]->current_data + last[0]->current_length + tail_sz >
+ buffer_data_size)
{
u32 tmp_bi = 0;
if (vlib_buffer_alloc (vm, &tmp_bi, 1) != 1)