Code Review / vpp.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
ipsec: validate number of input sas
[vpp.git] / src / vnet / ipsec / ipsec_tun.c
diff --git a/src/vnet/ipsec/ipsec_tun.c b/src/vnet/ipsec/ipsec_tun.c
index 07dd9ea..268f778 100644 (file)
--- a/src/vnet/ipsec/ipsec_tun.c
+++ b/src/vnet/ipsec/ipsec_tun.c
@@ -626,6 +626,12 @@ ipsec_tun_protect_update (u32 sw_if_index,
            format_vnet_sw_if_index_name, vnet_get_main (), sw_if_index,
            format_ip_address, nh);
 
+  if (vec_len (sas_in) > ITP_MAX_N_SA_IN)
+    {
+      rv = VNET_API_ERROR_LIMIT_EXCEEDED;
+      goto out;
+    }
+
   rv = 0;
   im = &ipsec_main;
   if (NULL == nh)
Vector Packet Processing