ligang/vpp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ipsec: make sure pad_bytes does not exceed pad data size

Browse Source 
This helps GCC understand the memcpy will not overflow pad_data. GCC-6
(default on Debian 9) in particular got confused.

Type: fix

Change-Id: I176eb01531b9d5c7ebec40f015e510b2d56e77c4
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 4505f0154eaba59c432c869b65e2dc493837032a)
This commit is contained in:
Benoît Ganne 2019-12-07 09:14:27 -07:00 committed by Andrew Yourtchenko
parent b04bdd12e6
commit 299f9caae6
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/vnet/ipsec/esp_encrypt.c
View File

@ -114,7 +114,11 @@ esp_add_footer_and_icv (vlib_buffer_t * b, u8 block_size, u8 icv_sz,
}
if (pad_bytes)
clib_memcpy_fast ((u8 *) f - pad_bytes, pad_data, pad_bytes);
{
ASSERT (pad_bytes <= ESP_MAX_BLOCK_SIZE);
pad_bytes = clib_min (ESP_MAX_BLOCK_SIZE, pad_bytes);
clib_memcpy_fast ((u8 *) f - pad_bytes, pad_data, pad_bytes);
}
f->pad_length = pad_bytes;
b->current_length = new_length + icv_sz;