ipsec: fix length check when adding footer+icv

author Benoît Ganne <bganne@cisco.com>

Mon, 14 Jun 2021 15:23:56 +0000 (17:23 +0200)

committer Neale Ranns <neale@graphiant.com>

Tue, 15 Jun 2021 13:37:41 +0000 (13:37 +0000)
author Benoît Ganne <bganne@cisco.com>
Mon, 14 Jun 2021 15:23:56 +0000 (17:23 +0200)
committer Neale Ranns <neale@graphiant.com>
Tue, 15 Jun 2021 13:37:41 +0000 (13:37 +0000)
diff --git a/src/vnet/ipsec/esp_encrypt.c b/src/vnet/ipsec/esp_encrypt.c

index 30c2bf9..68aeb60 100644 (file)
--- a/src/vnet/ipsec/esp_encrypt.c
+++ b/src/vnet/ipsec/esp_encrypt.c
@@ -129,7 +129,8 @@ esp_add_footer_and_icv (vlib_main_t *vm, vlib_buffer_t **last, u8 esp_align,
                                       last[0]->current_length + pad_bytes);
    u16 tail_sz = sizeof (esp_footer_t) + pad_bytes + icv_sz;
  
-  if (last[0]->current_length + tail_sz > buffer_data_size)
+  if (last[0]->current_data + last[0]->current_length + tail_sz >
+      buffer_data_size)
      {
        u32 tmp_bi = 0;
        if (vlib_buffer_alloc (vm, &tmp_bi, 1) != 1)
author	Benoît Ganne <bganne@cisco.com>
	Mon, 14 Jun 2021 15:23:56 +0000 (17:23 +0200)
committer	Neale Ranns <neale@graphiant.com>
	Tue, 15 Jun 2021 13:37:41 +0000 (13:37 +0000)