diff options
author | Andrew Yourtchenko <ayourtch@gmail.com> | 2017-05-17 23:43:59 +0200 |
---|---|---|
committer | Damjan Marion <dmarion.lists@gmail.com> | 2017-05-18 15:40:49 +0000 |
commit | 324fe29346e16228d5dca349ea509254c9cd4ea5 (patch) | |
tree | 3ac4810b2270922b4dae71b4faf5511b6d340d44 /src/vnet/ipsec | |
parent | ba7ddfe9b77771c47f99df5475e6e92b8d80816e (diff) |
acl-plugin: reject the too-short variable-length messages from clients (VPP-839)
Prior to commit bfd9227e6da567e0e19e026afe94cd4c0b65f725, there was
no clean way to check the lower-level message length as supplied
by the client, so there was no option but to trust that the client
does the right thing and allocates memory correctly.
The absence of checks makes it hard for a misbehaving client
to spot the problem - because everything "appears" to work
correctly for the specific erroneous message exchange.
This commit ensures the message received is at least
as big as we expect, and complains loudly if it is not.
Change-Id: I806eaac7c7f1ab3c64cb2bfa6939ce27da9a2b44
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Diffstat (limited to 'src/vnet/ipsec')
0 files changed, 0 insertions, 0 deletions