summaryrefslogtreecommitdiffstats
path: root/src/vnet/ipsec
diff options
context:
space:
mode:
authorAndrew Yourtchenko <ayourtch@gmail.com>2017-05-17 23:43:59 +0200
committerDamjan Marion <dmarion.lists@gmail.com>2017-05-18 15:40:49 +0000
commit324fe29346e16228d5dca349ea509254c9cd4ea5 (patch)
tree3ac4810b2270922b4dae71b4faf5511b6d340d44 /src/vnet/ipsec
parentba7ddfe9b77771c47f99df5475e6e92b8d80816e (diff)
acl-plugin: reject the too-short variable-length messages from clients (VPP-839)
Prior to commit bfd9227e6da567e0e19e026afe94cd4c0b65f725, there was no clean way to check the lower-level message length as supplied by the client, so there was no option but to trust that the client does the right thing and allocates memory correctly. The absence of checks makes it hard for a misbehaving client to spot the problem - because everything "appears" to work correctly for the specific erroneous message exchange. This commit ensures the message received is at least as big as we expect, and complains loudly if it is not. Change-Id: I806eaac7c7f1ab3c64cb2bfa6939ce27da9a2b44 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Diffstat (limited to 'src/vnet/ipsec')
0 files changed, 0 insertions, 0 deletions