From: Dmitry Eremin-Solenikov <dmitry.ereminsoleni...@linaro.org> Some paths during odp_ipsec_sa_create() can lead to SA leakage. Fix them by always releasing SA in error case.
Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsoleni...@linaro.org> --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: d22c949cc466bf28de559855a1cb525740578137 ** Merge commit sha: b87a669d1d701c336b19a9dd4f07b920a87132ed **/ platform/linux-generic/odp_ipsec_sad.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index 6a17a9172..ec2bd27e1 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -310,7 +310,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) ipsec_sa->icv_len = 16; break; default: - return ODP_IPSEC_SA_INVALID; + goto error; } switch (crypto_param.cipher_alg) { @@ -340,7 +340,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) crypto_param.iv.length = 12; break; default: - return ODP_IPSEC_SA_INVALID; + goto error; } if (1 == ipsec_sa->use_counter_iv &&
