IPSEC: crypto overflow

author Neale Ranns <nranns@cisco.com>

Sat, 13 Apr 2019 15:30:21 +0000 (15:30 +0000)

committer Damjan Marion <dmarion@me.com>

Mon, 15 Apr 2019 08:36:43 +0000 (08:36 +0000)
author Neale Ranns <nranns@cisco.com>
Sat, 13 Apr 2019 15:30:21 +0000 (15:30 +0000)
committer Damjan Marion <dmarion@me.com>
Mon, 15 Apr 2019 08:36:43 +0000 (08:36 +0000)
diff --git a/src/vnet/ipsec/esp_decrypt.c b/src/vnet/ipsec/esp_decrypt.c

index 1386f4c..c94577a 100644 (file)
--- a/src/vnet/ipsec/esp_decrypt.c
+++ b/src/vnet/ipsec/esp_decrypt.c
@@ -234,7 +234,7 @@ esp_decrypt_inline (vlib_main_t * vm,
           op->key = sa0->crypto_key.data;
           op->iv = payload;
           op->src = op->dst = payload += cpd.iv_sz;
-         op->len = len;
+         op->len = len - cpd.iv_sz;
           op->user_data = b - bufs;
         }
author	Neale Ranns <nranns@cisco.com>
	Sat, 13 Apr 2019 15:30:21 +0000 (15:30 +0000)
committer	Damjan Marion <dmarion@me.com>
	Mon, 15 Apr 2019 08:36:43 +0000 (08:36 +0000)