[lng-odp] [PATCH API-NEXT v15 12/14] linux-gen: ipsec: don't leak SA on creation error

Github ODP bot Sun, 12 Nov 2017 18:11:22 -0800

From: Dmitry Eremin-Solenikov <dmitry.ereminsoleni...@linaro.org>

Some paths during odp_ipsec_sa_create() can lead to SA leakage. Fix
them by always releasing SA in error case.


Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsoleni...@linaro.org>
---
/** Email created from pull request 243 (lumag:ipsec-packet-impl-3)
 ** https://github.com/Linaro/odp/pull/243
 ** Patch: https://github.com/Linaro/odp/pull/243.patch
 ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969
 ** Merge commit sha: 44a6636daa5f976c8aac76116e80e0c764352072
 **/
 platform/linux-generic/odp_ipsec_sad.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/platform/linux-generic/odp_ipsec_sad.c 
b/platform/linux-generic/odp_ipsec_sad.c
index c30119249..425175692 100644
--- a/platform/linux-generic/odp_ipsec_sad.c
+++ b/platform/linux-generic/odp_ipsec_sad.c
@@ -296,7 +296,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const 
odp_ipsec_sa_param_t *param)
                ipsec_sa->icv_len = 16;
                break;
        default:
-               return ODP_IPSEC_SA_INVALID;
+               goto error;
        }
 
        switch (crypto_param.cipher_alg) {
@@ -329,7 +329,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const 
odp_ipsec_sa_param_t *param)
                crypto_param.iv.length = 12;
                break;
        default:
-               return ODP_IPSEC_SA_INVALID;
+               goto error;
        }
 
        if (1 == ipsec_sa->use_counter_iv &&

[lng-odp] [PATCH API-NEXT v15 12/14] linux-gen: ipsec: don't leak SA on creation error

Reply via email to