summaryrefslogtreecommitdiffstats
path: root/src/vnet/ipsec
diff options
context:
space:
mode:
Diffstat (limited to 'src/vnet/ipsec')
-rw-r--r--src/vnet/ipsec/ipsec_if_in.c12
-rw-r--r--src/vnet/ipsec/ipsec_tun_in.c4
2 files changed, 12 insertions, 4 deletions
diff --git a/src/vnet/ipsec/ipsec_if_in.c b/src/vnet/ipsec/ipsec_if_in.c
index f9341d62a68..974227f7a0e 100644
--- a/src/vnet/ipsec/ipsec_if_in.c
+++ b/src/vnet/ipsec/ipsec_if_in.c
@@ -457,7 +457,9 @@ ipsec_if_input_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
else
clib_memcpy (&tr->key4, &key40, sizeof (tr->key4));
tr->is_ip6 = is_ip6;
- tr->seq = clib_host_to_net_u32 (esp0->seq);
+ tr->seq =
+ len0 >=
+ sizeof (*esp0) ? clib_host_to_net_u32 (esp0->seq) : ~0;
}
if (b[1]->flags & VLIB_BUFFER_IS_TRACED)
{
@@ -468,7 +470,9 @@ ipsec_if_input_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
else
clib_memcpy (&tr->key4, &key41, sizeof (tr->key4));
tr->is_ip6 = is_ip6;
- tr->seq = clib_host_to_net_u32 (esp1->seq);
+ tr->seq =
+ len1 >=
+ sizeof (*esp1) ? clib_host_to_net_u32 (esp1->seq) : ~0;
}
}
@@ -641,7 +645,9 @@ ipsec_if_input_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
else
clib_memcpy (&tr->key4, &key40, sizeof (tr->key4));
tr->is_ip6 = is_ip6;
- tr->seq = clib_host_to_net_u32 (esp0->seq);
+ tr->seq =
+ len0 >=
+ sizeof (*esp0) ? clib_host_to_net_u32 (esp0->seq) : ~0;
}
}
diff --git a/src/vnet/ipsec/ipsec_tun_in.c b/src/vnet/ipsec/ipsec_tun_in.c
index 04f7a9296ab..d88cc08ddbd 100644
--- a/src/vnet/ipsec/ipsec_tun_in.c
+++ b/src/vnet/ipsec/ipsec_tun_in.c
@@ -376,7 +376,9 @@ ipsec_tun_protect_input_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
else
clib_memcpy (&tr->key4, &key40, sizeof (tr->key4));
tr->is_ip6 = is_ip6;
- tr->seq = clib_host_to_net_u32 (esp0->seq);
+ tr->seq =
+ len0 >=
+ sizeof (*esp0) ? clib_host_to_net_u32 (esp0->seq) : ~0;
}
}