From: Benoît Ganne <bganne@cisco.com>
Date: Mon, 14 Jun 2021 15:23:56 +0000 (+0200)
Subject: ipsec: fix length check when adding footer+icv
X-Git-Tag: v22.02-rc0~317
X-Git-Url: https://gerrit.fd.io/r/gitweb?a=commitdiff_plain;h=217ba5a9dee79b37099aac8bb262337dc893915a;hp=7e78119c257579731c8902556b4a197c3fc3e92e;p=vpp.git

ipsec: fix length check when adding footer+icv

Length check must also take current_data into account.

Type: fix

Change-Id: I7a1b1752868892d40f59490d05452ef24565cca6
Signed-off-by: Benoît Ganne <bganne@cisco.com>
---

diff --git a/src/vnet/ipsec/esp_encrypt.c b/src/vnet/ipsec/esp_encrypt.c
index 30c2bf9a8ac..68aeb60885c 100644
--- a/src/vnet/ipsec/esp_encrypt.c
+++ b/src/vnet/ipsec/esp_encrypt.c
@@ -129,7 +129,8 @@ esp_add_footer_and_icv (vlib_main_t *vm, vlib_buffer_t **last, u8 esp_align,
 				      last[0]->current_length + pad_bytes);
   u16 tail_sz = sizeof (esp_footer_t) + pad_bytes + icv_sz;
 
-  if (last[0]->current_length + tail_sz > buffer_data_size)
+  if (last[0]->current_data + last[0]->current_length + tail_sz >
+      buffer_data_size)
     {
       u32 tmp_bi = 0;
       if (vlib_buffer_alloc (vm, &tmp_bi, 1) != 1)