From e7ac6d0250664f278e7aa5a483f413bda0432def Mon Sep 17 00:00:00 2001
From: Benoît Ganne <bganne@cisco.com>
Date: Tue, 29 Oct 2019 11:13:05 +0100
Subject: ipsec: fix esp trace seq number overflow
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Do not copy invalid seq number if packet is too small.

Type: fix

Change-Id: I1e78f5920e9645521f57efccaf35bbf9ce0676a8
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit c520fe7ab9db6fa60f9e69be990dd5c83eb40522)
---
 src/vnet/ipsec/ipsec_tun_in.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src/vnet/ipsec/ipsec_tun_in.c')

diff --git a/src/vnet/ipsec/ipsec_tun_in.c b/src/vnet/ipsec/ipsec_tun_in.c
index 04f7a9296ab..d88cc08ddbd 100644
--- a/src/vnet/ipsec/ipsec_tun_in.c
+++ b/src/vnet/ipsec/ipsec_tun_in.c
@@ -376,7 +376,9 @@ ipsec_tun_protect_input_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
 	      else
 		clib_memcpy (&tr->key4, &key40, sizeof (tr->key4));
 	      tr->is_ip6 = is_ip6;
-	      tr->seq = clib_host_to_net_u32 (esp0->seq);
+	      tr->seq =
+		len0 >=
+		sizeof (*esp0) ? clib_host_to_net_u32 (esp0->seq) : ~0;
 	    }
 	}
 
-- 
cgit 1.2.3-korg