From: Kingwel Xie Date: Thu, 7 Mar 2019 11:34:30 +0000 (-0500) Subject: ipsec: cli bug fixes X-Git-Tag: v19.04-rc1~287 X-Git-Url: https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commitdiff_plain;h=d3d1205087783eb36c9e44d98a33a0f01adb47c9 ipsec: cli bug fixes 1. fix wrong assignemnt of lik/rik 2. keys initialized to 0, to avoid using random data in stack. could cause memory overlapped then crash 3. show sa->id in hex format Change-Id: Id0430aa49bb55c27cee4f97f8c0e4ec87515dcd2 Signed-off-by: Kingwel Xie
---
diff --git a/src/vnet/ipsec/ipsec_cli.c b/src/vnet/ipsec/ipsec_cli.c
index ee2e870c343..648455bbecf 100644
--- a/src/vnet/ipsec/ipsec_cli.c
+++ b/src/vnet/ipsec/ipsec_cli.c
@@ -82,7 +82,8 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm,
 ipsec_protocol_t proto;
 ipsec_sa_flags_t flags;
 clib_error_t *error;
- ipsec_key_t ck, ik;
+ ipsec_key_t ck = { 0 };
+ ipsec_key_t ik = { 0 };
 int is_add, rv;
 u32 id, spi;
@@ -619,7 +620,10 @@ create_ipsec_tunnel_command_fn (vlib_main_t * vm,
 u8 ipv4_set = 0;
 u8 ipv6_set = 0;
 clib_error_t *error = NULL;
- ipsec_key_t rck, lck, lik, rik;
+ ipsec_key_t rck = { 0 };
+ ipsec_key_t lck = { 0 };
+ ipsec_key_t lik = { 0 };
+ ipsec_key_t rik = { 0 };
 clib_memset (&a, 0, sizeof (a));
 a.is_add = 1;
@@ -709,9 +713,9 @@ create_ipsec_tunnel_command_fn (vlib_main_t * vm,
 clib_memcpy (a.remote_crypto_key, rck.data, rck.len);
 a.remote_crypto_key_len = rck.len;
- clib_memcpy (a.local_integ_key, lck.data, lck.len);
+ clib_memcpy (a.local_integ_key, lik.data, lik.len);
 a.local_integ_key_len = lck.len;
- clib_memcpy (a.remote_integ_key, rck.data, rck.len);
+ clib_memcpy (a.remote_integ_key, rik.data, rik.len);
 a.remote_integ_key_len = rck.len;
 rv = ipsec_add_del_tunnel_if (&a);
diff --git a/src/vnet/ipsec/ipsec_format.c b/src/vnet/ipsec/ipsec_format.c
index dc66569702e..d65b2a7ee4f 100644
--- a/src/vnet/ipsec/ipsec_format.c
+++ b/src/vnet/ipsec/ipsec_format.c
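Review bot: In the ipsec_cli.c hunk at `@@ -709,9 +713,9 @@` (create_ipsec_tunnel_command_fn), the two integrity-key length assignments left as context still take the crypto-key lengths: `a.local_integ_key_len = lck.len;` and `a.remote_integ_key_len = rck.len;`. The copied bytes now come from lik/rik while the recorded length comes from lck/rck, so when the two key sizes differ the tunnel gets either a truncated integrity key or a length covering bytes that were never copied, which stay zero after the `clib_memset (&a, 0, sizeof (a))` shown in the previous hunk. These lines should read `a.local_integ_key_len = lik.len;` and `a.remote_integ_key_len = rik.len;`. None of the clib_memcpy calls visible here compares the parsed `len` with the size of the destination array; whether the key parser already bounds it is not visible in this diff and is worth confirming. The function body starts and ends outside the hunk.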
@@ -244,7 +244,7 @@ format_ipsec_sa (u8 * s, va_list * args)
 sa = pool_elt_at_index (im->sad, sai);
- s = format (s, "[%d] sa %u spi %u mode %s%s protocol %s%s%s%s",
+ s = format (s, "[%d] sa 0x%x spi %u mode %s%s protocol %s%s%s%s",
 sai, sa->id, sa->spi,
 sa->is_tunnel ? "tunnel" : "transport",
 sa->is_tunnel_ip6 ? "-ip6" : "",