From 6221927e9bad39c2856e844f8bc38947cb447f73 Mon Sep 17 00:00:00 2001
From: Pierre Pfister
Date: Mon, 26 Nov 2018 09:29:00 +0100
Subject: Fix IPSec CLI key parsing
strncpy stops copying when a byte set to 0 is read. The fix is to use mempcy instead. This patch also adds spd id to ipsec input trace.
Change-Id: Ibed071d3607fa76c3f6ee065f94128f1aca9b2e2
Signed-off-by: Pierre Pfister
---
 src/vnet/ipsec/ipsec_cli.c | 4 ++--
 src/vnet/ipsec/ipsec_input.c | 11 +++++++++--
 2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/src/vnet/ipsec/ipsec_cli.c b/src/vnet/ipsec/ipsec_cli.c
index ee7dd404a87..9c64822c37f 100644
--- a/src/vnet/ipsec/ipsec_cli.c
+++ b/src/vnet/ipsec/ipsec_cli.c
@@ -167,10 +167,10 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm,
 sa.integ_key_len = sizeof (sa.integ_key);
 if (ck)
- strncpy ((char *) sa.crypto_key, (char *) ck, sa.crypto_key_len);
+ memcpy (sa.crypto_key, ck, sa.crypto_key_len);
 if (ik)
- strncpy ((char *) sa.integ_key, (char *) ik, sa.integ_key_len);
+ memcpy (sa.integ_key, ik, sa.integ_key_len);
 if (is_add)
 {
diff --git a/src/vnet/ipsec/ipsec_input.c b/src/vnet/ipsec/ipsec_input.c
index 19c3b5bcef1..ef4113a1c09 100644
--- a/src/vnet/ipsec/ipsec_input.c
+++ b/src/vnet/ipsec/ipsec_input.c
@@ -44,6 +44,7 @@ static char *ipsec_input_error_strings[] = {
 typedef struct
 {
+ u32 spd;
 u32 sa_id;
 u32 spi;
 u32 seq;
@@ -65,11 +66,14 @@ format_ipsec_input_trace (u8 * s, va_list * args)
 if (t->sa_id != 0)
 {
- s = format (s, "esp: sa_id %u spi %u seq %u", t->sa_id, t->spi, t->seq);
+ s =
+ format (s, "esp: sa_id %u spd %u spi %u seq %u", t->sa_id, t->spd,
+ t->spi, t->seq);
 }
 else
 {
- s = format (s, "esp: no sa spi %u seq %u", t->spi, t->seq);
+ s =
+ format (s, "esp: no sa spd %u spi %u seq %u", t->spd, t->spi, t->seq);
 }
 return s;
 }
@@ -269,6 +273,7 @@ VLIB_NODE_FN (ipsec4_input_node) (vlib_main_t * vm,
 tr->sa_id = p0->sa_id;
 tr->spi = clib_host_to_net_u32 (esp0->spi);
 tr->seq = clib_host_to_net_u32 (esp0->seq);
+ tr->spd = spd0->id;
 }
 }
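Review bot: In the ipsec_cli.c hunk, `memcpy (sa.crypto_key, ck, sa.crypto_key_len)` and the matching `ik` copy now read exactly the stated number of bytes from the source, so they are only safe when each length is bounded by both the parsed key's length and the destination array; strncpy would have stopped at a NUL in the source, memcpy will not. The context line `sa.integ_key_len = sizeof (sa.integ_key);` looks like the destination clamp, but where the lengths are derived from `ck`/`ik` is outside the hunk, so I would state the invariant next to the copy, e.g. `ASSERT (sa.crypto_key_len <= vec_len (ck));` (assuming `ck` and `ik` are vppinfra vectors) and the same for `ik`. If that clamp silently shortens an over-long key, returning a CLI error instead would avoid installing an SA whose key differs from what the operator entered. The body of ipsec_sa_add_del_command_fn starts and ends outside the hunk.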
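Review bot: In format_ipsec_input_trace, both rewritten format strings still begin with the literal `esp:`, while the hunk at -309 fills the same `tr->` fields from `ah0`, so AH packets are presumably traced with an ESP label (this assumes both paths share this formatter, which the hunks do not show). Since these two lines are being rewritten anyway, consider a neutral prefix such as `ipsec:` or recording the protocol in the trace record and printing it, so that traces used for troubleshooting are not misleading. The new `u32 spd;` field would also benefit from a short comment such as `/* id of the SPD the packet was matched against */`.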
@@ -309,6 +314,7 @@ VLIB_NODE_FN (ipsec4_input_node) (vlib_main_t * vm,
 tr->sa_id = p0->sa_id;
 tr->spi = clib_host_to_net_u32 (ah0->spi);
 tr->seq = clib_host_to_net_u32 (ah0->seq_no);
+ tr->spd = spd0->id;
 }
 }
 }
@@ -457,6 +463,7 @@ VLIB_NODE_FN (ipsec6_input_node) (vlib_main_t * vm,
 tr->sa_id = p0->sa_id;
 tr->spi = clib_host_to_net_u32 (esp0->spi);
 tr->seq = clib_host_to_net_u32 (esp0->seq);
+ tr->spd = spd0->id;
 }
 }
--
cgit 1.2.3-korg