Code Review
/
vpp.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
review
|
tree
raw
|
inline
| side by side
IPSEC: some CLI fixes
[vpp.git]
/
src
/
vnet
/
ipsec
/
ipsec_sa.c
diff --git
a/src/vnet/ipsec/ipsec_sa.c
b/src/vnet/ipsec/ipsec_sa.c
index
2d2e90a
..
8e85469
100644
(file)
--- a/
src/vnet/ipsec/ipsec_sa.c
+++ b/
src/vnet/ipsec/ipsec_sa.c
@@
-66,7
+66,7
@@
ipsec_mk_key (ipsec_key_t * key, const u8 * data, u8 len)
/**
* 'stack' (resolve the recursion for) the SA tunnel destination
*/
/**
* 'stack' (resolve the recursion for) the SA tunnel destination
*/
-void
+
static
void
ipsec_sa_stack (ipsec_sa_t * sa)
{
ipsec_main_t *im = &ipsec_main;
ipsec_sa_stack (ipsec_sa_t * sa)
{
ipsec_main_t *im = &ipsec_main;
@@
-170,9
+170,20
@@
ipsec_sa_add (u32 id,
sa->crypto_key_index = vnet_crypto_key_add (vm,
im->crypto_algs[crypto_alg].alg,
(u8 *) ck->data, ck->len);
sa->crypto_key_index = vnet_crypto_key_add (vm,
im->crypto_algs[crypto_alg].alg,
(u8 *) ck->data, ck->len);
+ if (~0 == sa->crypto_key_index)
+ {
+ pool_put (im->sad, sa);
+ return VNET_API_ERROR_KEY_LENGTH;
+ }
+
sa->integ_key_index = vnet_crypto_key_add (vm,
im->integ_algs[integ_alg].alg,
(u8 *) ik->data, ik->len);
sa->integ_key_index = vnet_crypto_key_add (vm,
im->integ_algs[integ_alg].alg,
(u8 *) ik->data, ik->len);
+ if (~0 == sa->integ_key_index)
+ {
+ pool_put (im->sad, sa);
+ return VNET_API_ERROR_KEY_LENGTH;
+ }
err = ipsec_check_support_cb (im, sa);
if (err)
err = ipsec_check_support_cb (im, sa);
if (err)
@@
-358,7
+369,7
@@
ipsec_set_sa_key (u32 id, const ipsec_key_t * ck, const ipsec_key_t * ik)
/* new integ key */
if (ik)
{
/* new integ key */
if (ik)
{
- clib_memcpy (&sa->integ_key,
0
, sizeof (sa->integ_key));
+ clib_memcpy (&sa->integ_key,
ik
, sizeof (sa->integ_key));
vnet_crypto_key_modify (vm, sa->integ_key_index, sa->integ_calg,
(u8 *) ik->data, ik->len);
}
vnet_crypto_key_modify (vm, sa->integ_key_index, sa->integ_calg,
(u8 *) ik->data, ik->len);
}