From: Neale Ranns <nranns@cisco.com>
Date: Sat, 13 Apr 2019 15:30:21 +0000 (+0000)
Subject: IPSEC: crypto overflow
X-Git-Tag: v20.01-rc0~824
X-Git-Url: https://gerrit.fd.io/r/gitweb?a=commitdiff_plain;h=0a0c7eef787dbf29c8b018420cb9d244cbe8d2dd;p=vpp.git

IPSEC: crypto overflow

decrypting too many bytes.

Change-Id: I4663e70271d9734eda7f9a127967b9224c0e5efc
Signed-off-by: Neale Ranns <nranns@cisco.com>
---

diff --git a/src/vnet/ipsec/esp_decrypt.c b/src/vnet/ipsec/esp_decrypt.c
index 1386f4c79fc..c94577a5d5a 100644
--- a/src/vnet/ipsec/esp_decrypt.c
+++ b/src/vnet/ipsec/esp_decrypt.c
@@ -234,7 +234,7 @@ esp_decrypt_inline (vlib_main_t * vm,
 	  op->key = sa0->crypto_key.data;
 	  op->iv = payload;
 	  op->src = op->dst = payload += cpd.iv_sz;
-	  op->len = len;
+	  op->len = len - cpd.iv_sz;
 	  op->user_data = b - bufs;
 	}