From 769145cdbc28324bd0b6304951199ec3d6e0e883 Mon Sep 17 00:00:00 2001
From: Klement Sekera <ksekera@cisco.com>
Date: Wed, 6 Mar 2019 11:59:57 +0100
Subject: ip: respect buffer boundary when searching for ipv6 headers

Type: fix

Change-Id: I5a5461652f8115fa1270e20f748178fb5f5450f2
Signed-off-by: Klement Sekera <ksekera@cisco.com>
---
 src/vnet/ipsec/ah_decrypt.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src/vnet/ipsec')

diff --git a/src/vnet/ipsec/ah_decrypt.c b/src/vnet/ipsec/ah_decrypt.c
index bbe6b647c52..f46fa6e2161 100644
--- a/src/vnet/ipsec/ah_decrypt.c
+++ b/src/vnet/ipsec/ah_decrypt.c
@@ -184,7 +184,8 @@ ah_decrypt_inline (vlib_main_t * vm,
       if (is_ip6)
 	{
 	  ip6_ext_header_t *prev = NULL;
-	  ip6_ext_header_find_t (ih6, prev, ah0, IP_PROTOCOL_IPSEC_AH);
+	  ah0 =
+	    ip6_ext_header_find (vm, b[0], ih6, IP_PROTOCOL_IPSEC_AH, &prev);
 	  pd->ip_hdr_size = sizeof (ip6_header_t);
 	  ASSERT ((u8 *) ah0 - (u8 *) ih6 == pd->ip_hdr_size);
 	}
-- 
cgit 1.2.3-korg