diff options
author | Damjan Marion <damarion@cisco.com> | 2019-04-24 23:39:16 +0200 |
---|---|---|
committer | Damjan Marion <dmarion@me.com> | 2019-04-25 08:32:28 +0000 |
commit | a829b13986d556ab3aeb52668129fe4b13a1f24f (patch) | |
tree | 157e7c2deea5405c97b9c80f40f773c43d453cb8 /src | |
parent | d1bed687231bb64cf7761da37431ba61bc32b6d8 (diff) |
ipsec: drop runts in esp-decrypt
Change-Id: Id7fcaf8590f9f2dcccdebea0ad31c7ecd1cbc8af
Signed-off-by: Damjan Marion <damarion@cisco.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/vnet/ipsec/esp_decrypt.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/vnet/ipsec/esp_decrypt.c b/src/vnet/ipsec/esp_decrypt.c index 5d1f20604d5..dfc86d47ace 100644 --- a/src/vnet/ipsec/esp_decrypt.c +++ b/src/vnet/ipsec/esp_decrypt.c @@ -44,6 +44,7 @@ typedef enum _(INTEG_ERROR, "Integrity check failed") \ _(CRYPTO_ENGINE_ERROR, "crypto engine error (packet dropped)") \ _(REPLAY, "SA replayed packet") \ + _(RUNT, "undersized packet") \ _(CHAINED_BUFFER, "chained buffers (packet dropped)") \ _(OVERSIZED_HEADER, "buffer with oversized header (dropped)") \ _(NO_TAIL_SPACE, "no enough buffer tail space (dropped)") @@ -193,6 +194,13 @@ esp_decrypt_inline (vlib_main_t * vm, goto next; } + if (pd->current_length < cpd.icv_sz + esp_sz + cpd.iv_sz) + { + b[0]->error = node->errors[ESP_DECRYPT_ERROR_RUNT]; + next[0] = ESP_DECRYPT_NEXT_DROP; + goto next; + } + len = pd->current_length - cpd.icv_sz; current_sa_pkts += 1; current_sa_bytes += pd->current_length; |