IPSEC: some CLI fixes

[vpp.git] / src / vnet / ipsec / ipsec_sa.c

diff --git a/src/vnet/ipsec/ipsec_sa.c b/src/vnet/ipsec/ipsec_sa.c
index 2d2e90a..8e85469 100644 (file)
--- a/src/vnet/ipsec/ipsec_sa.c
+++ b/src/vnet/ipsec/ipsec_sa.c
@@ -66,7 +66,7 @@ ipsec_mk_key (ipsec_key_t * key, const u8 * data, u8 len)
 /**
  * 'stack' (resolve the recursion for) the SA tunnel destination
  */
-void
+static void
 ipsec_sa_stack (ipsec_sa_t * sa)
 {
   ipsec_main_t *im = &ipsec_main;
@@ -170,9 +170,20 @@ ipsec_sa_add (u32 id,
   sa->crypto_key_index = vnet_crypto_key_add (vm,
                                              im->crypto_algs[crypto_alg].alg,
                                              (u8 *) ck->data, ck->len);
+  if (~0 == sa->crypto_key_index)
+    {
+      pool_put (im->sad, sa);
+      return VNET_API_ERROR_KEY_LENGTH;
+    }
+
   sa->integ_key_index = vnet_crypto_key_add (vm,
                                             im->integ_algs[integ_alg].alg,
                                             (u8 *) ik->data, ik->len);
+  if (~0 == sa->integ_key_index)
+    {
+      pool_put (im->sad, sa);
+      return VNET_API_ERROR_KEY_LENGTH;
+    }
 
   err = ipsec_check_support_cb (im, sa);
   if (err)
@@ -358,7 +369,7 @@ ipsec_set_sa_key (u32 id, const ipsec_key_t * ck, const ipsec_key_t * ik)
   /* new integ key */
   if (ik)
     {
-      clib_memcpy (&sa->integ_key, 0, sizeof (sa->integ_key));
+      clib_memcpy (&sa->integ_key, ik, sizeof (sa->integ_key));
       vnet_crypto_key_modify (vm, sa->integ_key_index, sa->integ_calg,
                              (u8 *) ik->data, ik->len);
     }