diff options
author | Benoît Ganne <bganne@cisco.com> | 2021-06-14 17:23:56 +0200 |
---|---|---|
committer | Neale Ranns <neale@graphiant.com> | 2021-06-15 13:37:41 +0000 |
commit | 217ba5a9dee79b37099aac8bb262337dc893915a (patch) | |
tree | c35a29c5bfc5990d0b219ef32143150bbb441f67 /src/vnet/ipsec | |
parent | 7e78119c257579731c8902556b4a197c3fc3e92e (diff) |
ipsec: fix length check when adding footer+icv
Length check must also take current_data into account.
Type: fix
Change-Id: I7a1b1752868892d40f59490d05452ef24565cca6
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Diffstat (limited to 'src/vnet/ipsec')
-rw-r--r-- | src/vnet/ipsec/esp_encrypt.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/vnet/ipsec/esp_encrypt.c b/src/vnet/ipsec/esp_encrypt.c index 30c2bf9a8ac..68aeb60885c 100644 --- a/src/vnet/ipsec/esp_encrypt.c +++ b/src/vnet/ipsec/esp_encrypt.c @@ -129,7 +129,8 @@ esp_add_footer_and_icv (vlib_main_t *vm, vlib_buffer_t **last, u8 esp_align, last[0]->current_length + pad_bytes); u16 tail_sz = sizeof (esp_footer_t) + pad_bytes + icv_sz; - if (last[0]->current_length + tail_sz > buffer_data_size) + if (last[0]->current_data + last[0]->current_length + tail_sz > + buffer_data_size) { u32 tmp_bi = 0; if (vlib_buffer_alloc (vm, &tmp_bi, 1) != 1) |