diff mbox series

[API-NEXT,v8,16/16] linux-gen: ipsec: don't leak SA on creation error

Message ID 1510444815-25058-17-git-send-email-odpbot@yandex.ru
State Superseded
Headers show
Series [API-NEXT,v8,1/16] linux-gen: ipsec: use counter instead of random IV for GCM | expand

Commit Message

Github ODP bot Nov. 12, 2017, midnight UTC
From: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>


Some paths during odp_ipsec_sa_create() can lead to SA leakage. Fix
them by always releasing SA in error case.

Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>

---
/** Email created from pull request 243 (lumag:ipsec-packet-impl-3)
 ** https://github.com/Linaro/odp/pull/243
 ** Patch: https://github.com/Linaro/odp/pull/243.patch
 ** Base sha: 9ff682c8d0315f3f1921d5b9fe13d62897c78710
 ** Merge commit sha: 38c770f1444aeb3ede5313b7304a1161277ae0b5
 **/
 platform/linux-generic/odp_ipsec_sad.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff mbox series

Patch

diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c
index 6a17a9172..ec2bd27e1 100644
--- a/platform/linux-generic/odp_ipsec_sad.c
+++ b/platform/linux-generic/odp_ipsec_sad.c
@@ -310,7 +310,7 @@  odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param)
 		ipsec_sa->icv_len = 16;
 		break;
 	default:
-		return ODP_IPSEC_SA_INVALID;
+		goto error;
 	}
 
 	switch (crypto_param.cipher_alg) {
@@ -340,7 +340,7 @@  odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param)
 		crypto_param.iv.length = 12;
 		break;
 	default:
-		return ODP_IPSEC_SA_INVALID;
+		goto error;
 	}
 
 	if (1 == ipsec_sa->use_counter_iv &&