summaryrefslogtreecommitdiffstats
path: root/src/vnet
diff options
context:
space:
mode:
authorBenoît Ganne <bganne@cisco.com>2019-12-07 09:14:27 -0700
committerAndrew Yourtchenko <ayourtch@gmail.com>2020-08-12 07:43:14 +0000
commit299f9caae6975f1642462963e1df3deef343acfa (patch)
tree0d15ad13a203da4e115c19388128a5486f3b362c /src/vnet
parentb04bdd12e67c084a02ad6179c1e83173bee709b4 (diff)
ipsec: make sure pad_bytes does not exceed pad data size
This helps GCC understand the memcpy will not overflow pad_data. GCC-6 (default on Debian 9) in particular got confused. Type: fix Change-Id: I176eb01531b9d5c7ebec40f015e510b2d56e77c4 Signed-off-by: Benoît Ganne <bganne@cisco.com> (cherry picked from commit 4505f0154eaba59c432c869b65e2dc493837032a)
Diffstat (limited to 'src/vnet')
-rw-r--r--src/vnet/ipsec/esp_encrypt.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/src/vnet/ipsec/esp_encrypt.c b/src/vnet/ipsec/esp_encrypt.c
index 186e122793d..6170603ded1 100644
--- a/src/vnet/ipsec/esp_encrypt.c
+++ b/src/vnet/ipsec/esp_encrypt.c
@@ -114,7 +114,11 @@ esp_add_footer_and_icv (vlib_buffer_t * b, u8 block_size, u8 icv_sz,
}
if (pad_bytes)
- clib_memcpy_fast ((u8 *) f - pad_bytes, pad_data, pad_bytes);
+ {
+ ASSERT (pad_bytes <= ESP_MAX_BLOCK_SIZE);
+ pad_bytes = clib_min (ESP_MAX_BLOCK_SIZE, pad_bytes);
+ clib_memcpy_fast ((u8 *) f - pad_bytes, pad_data, pad_bytes);
+ }
f->pad_length = pad_bytes;
b->current_length = new_length + icv_sz;