X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvnet%2Fipsec%2Fipsec_sa.c;h=8e8546985ecca7c70f7444fbb8a201c70507ca9d;hb=e6be702362299566990678f505512b1b74b49112;hp=2d2e90a1d274122049efbba7a2232bdc114bd074;hpb=d1bed687231bb64cf7761da37431ba61bc32b6d8;p=vpp.git

diff --git a/src/vnet/ipsec/ipsec_sa.c b/src/vnet/ipsec/ipsec_sa.c
index 2d2e90a1d27..8e8546985ec 100644
--- a/src/vnet/ipsec/ipsec_sa.c
+++ b/src/vnet/ipsec/ipsec_sa.c
@@ -66,7 +66,7 @@ ipsec_mk_key (ipsec_key_t * key, const u8 * data, u8 len)
 /**
  * 'stack' (resolve the recursion for) the SA tunnel destination
  */
-void
+static void
 ipsec_sa_stack (ipsec_sa_t * sa)
 {
   ipsec_main_t *im = &ipsec_main;
@@ -170,9 +170,20 @@ ipsec_sa_add (u32 id,
   sa->crypto_key_index = vnet_crypto_key_add (vm,
 					      im->crypto_algs[crypto_alg].alg,
 					      (u8 *) ck->data, ck->len);
+  if (~0 == sa->crypto_key_index)
+    {
+      pool_put (im->sad, sa);
+      return VNET_API_ERROR_KEY_LENGTH;
+    }
+
   sa->integ_key_index = vnet_crypto_key_add (vm,
 					     im->integ_algs[integ_alg].alg,
 					     (u8 *) ik->data, ik->len);
+  if (~0 == sa->integ_key_index)
+    {
+      pool_put (im->sad, sa);
+      return VNET_API_ERROR_KEY_LENGTH;
+    }
 
   err = ipsec_check_support_cb (im, sa);
   if (err)
@@ -358,7 +369,7 @@ ipsec_set_sa_key (u32 id, const ipsec_key_t * ck, const ipsec_key_t * ik)
   /* new integ key */
   if (ik)
     {
-      clib_memcpy (&sa->integ_key, 0, sizeof (sa->integ_key));
+      clib_memcpy (&sa->integ_key, ik, sizeof (sa->integ_key));
       vnet_crypto_key_modify (vm, sa->integ_key_index, sa->integ_calg,
 			      (u8 *) ik->data, ik->len);
     }