diff mbox series

[v2,5/5] linux-gen: ipsec: fix SA leak in SA creation

Message ID 1517238014-22220-6-git-send-email-odpbot@yandex.ru
State New
Headers show
Series [v2,1/5] linux-gen: ipsec: disallow using SAs while they are being created | expand

Commit Message

Github ODP bot Jan. 29, 2018, 3 p.m. UTC
From: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>


odp_ipsec_sa_create can leave SA locked if one asks for
ODP_AUTH_AES_GMAC with non-NULL encryption. Unlock SA in error path.

Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>

---
/** Email created from pull request 427 (lumag:ipsec-fix-sad)
 ** https://github.com/Linaro/odp/pull/427
 ** Patch: https://github.com/Linaro/odp/pull/427.patch
 ** Base sha: 27480d82bd93a881ae683a3c314c11042a68ce29
 ** Merge commit sha: 67c9dbf28c41ea7a53782ba841276b03f154c4ef
 **/
 platform/linux-generic/odp_ipsec_sad.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c
index 2af72bbb5..60d9b8fe7 100644
--- a/platform/linux-generic/odp_ipsec_sad.c
+++ b/platform/linux-generic/odp_ipsec_sad.c
@@ -416,7 +416,7 @@  odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param)
 		break;
 	case ODP_AUTH_ALG_AES_GMAC:
 		if (ODP_CIPHER_ALG_NULL != crypto_param.cipher_alg)
-			return ODP_IPSEC_SA_INVALID;
+			goto error;
 		ipsec_sa->use_counter_iv = 1;
 		ipsec_sa->esp_iv_len = 8;
 		ipsec_sa->esp_block_len = 16;