Code Review
/
vpp.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
review
|
tree
raw
| inline |
side by side
ipsec: validate number of input sas
[vpp.git]
/
src
/
vnet
/
ipsec
/
ipsec_tun.c
diff --git
a/src/vnet/ipsec/ipsec_tun.c
b/src/vnet/ipsec/ipsec_tun.c
index
07dd9ea
..
268f778
100644
(file)
--- a/
src/vnet/ipsec/ipsec_tun.c
+++ b/
src/vnet/ipsec/ipsec_tun.c
@@
-626,6
+626,12
@@
ipsec_tun_protect_update (u32 sw_if_index,
format_vnet_sw_if_index_name, vnet_get_main (), sw_if_index,
format_ip_address, nh);
+ if (vec_len (sas_in) > ITP_MAX_N_SA_IN)
+ {
+ rv = VNET_API_ERROR_LIMIT_EXCEEDED;
+ goto out;
+ }
+
rv = 0;
im = &ipsec_main;
if (NULL == nh)