ip: respect buffer boundary when searching for ipv6 headers

Type: fix Change-Id: I5a5461652f8115fa1270e20f748178fb5f5450f2 Signed-off-by: Klement Sekera <ksekera@cisco.com> (cherry picked from commit 769145cdbc28324bd0b6304951199ec3d6e0e883)
author: Klement Sekera <ksekera@cisco.com> 2019-03-06 11:59:57 +0100
committer: Andrew Yourtchenko <ayourtch@gmail.com> 2019-10-03 16:11:41 +0000
commit: 35a265ceaef4af68e4d1d817447b0b895176a6ff (patch)
tree: 45884086bdf037a1c87adebc515a03d1ebcad101 /src/vnet/ipsec
parent: 09c91fe62775817a143a491ed999ddec30b8042b (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/src/vnet/ipsec/ah_decrypt.c b/src/vnet/ipsec/ah_decrypt.c
index bbe6b647c52..f46fa6e2161 100644
--- a/src/vnet/ipsec/ah_decrypt.c
+++ b/src/vnet/ipsec/ah_decrypt.c
@@ -184,7 +184,8 @@ ah_decrypt_inline (vlib_main_t * vm,
       if (is_ip6)
 	{
 	  ip6_ext_header_t *prev = NULL;
-	  ip6_ext_header_find_t (ih6, prev, ah0, IP_PROTOCOL_IPSEC_AH);
+	  ah0 =
+	    ip6_ext_header_find (vm, b[0], ih6, IP_PROTOCOL_IPSEC_AH, &prev);
 	  pd->ip_hdr_size = sizeof (ip6_header_t);
 	  ASSERT ((u8 *) ah0 - (u8 *) ih6 == pd->ip_hdr_size);
 	}
author	Klement Sekera <ksekera@cisco.com>	2019-03-06 11:59:57 +0100
committer	Andrew Yourtchenko <ayourtch@gmail.com>	2019-10-03 16:11:41 +0000
commit	35a265ceaef4af68e4d1d817447b0b895176a6ff (patch)
tree	45884086bdf037a1c87adebc515a03d1ebcad101 /src/vnet/ipsec
parent	09c91fe62775817a143a491ed999ddec30b8042b (diff)