From: Neale Ranns <nranns@cisco.com>
Date: Wed, 20 Mar 2019 14:10:23 +0000 (+0000)
Subject: IPSEC: Tunnel SA not deleted
X-Git-Tag: v19.04-rc1~175
X-Git-Url: https://gerrit.fd.io/r/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F26%2F18426%2F2;p=vpp.git

IPSEC: Tunnel SA not deleted

p is overwritten by hash_unset so an incorrect value is passed to
ipsec_sa_del

Change-Id: I97300dd4421c62d7cfa47b8e7e9789becb2370e9
Signed-off-by: Neale Ranns <nranns@cisco.com>
---

diff --git a/src/vnet/ipsec/ipsec_if.c b/src/vnet/ipsec/ipsec_if.c
index 33cac4c3cbd..7a44456efb6 100644
--- a/src/vnet/ipsec/ipsec_if.c
+++ b/src/vnet/ipsec/ipsec_if.c
@@ -382,11 +382,14 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
     }
   else
     {
+      u32 ti;
+
       /* check if exists */
       if (!p)
 	return VNET_API_ERROR_INVALID_VALUE;
 
-      t = pool_elt_at_index (im->tunnel_interfaces, p[0]);
+      ti = p[0];
+      t = pool_elt_at_index (im->tunnel_interfaces, ti);
       hi = vnet_get_hw_interface (vnm, t->hw_if_index);
       vnet_sw_interface_set_flags (vnm, hi->sw_if_index, 0);	/* admin down */
 
@@ -401,8 +404,8 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
       pool_put (im->tunnel_interfaces, t);
 
       /* delete input and output SA */
-      ipsec_sa_del (ipsec_tun_mk_input_sa_id (p[0]));
-      ipsec_sa_del (ipsec_tun_mk_output_sa_id (p[0]));
+      ipsec_sa_del (ipsec_tun_mk_input_sa_id (ti));
+      ipsec_sa_del (ipsec_tun_mk_output_sa_id (ti));
     }
 
   if (sw_if_index)