Fixed check when checking ESP packet size.

Also, log more data in "Vector doesn't have capacity for ESP headers" errors.
zlogic · Nov 30, 2024 · 2840bc8 · 2840bc8
1 parent 5fefbfe
commit 2840bc8
Showing 1 changed file with 8 additions and 2 deletions.
diff --git a/src/ikev2/mod.rs b/src/ikev2/mod.rs
@@ -879,10 +879,16 @@ impl Sessions {
             })
         {
             let msg_len = data.len();
-            if data.len() >= MAX_ESP_PACKET_SIZE {
+            let encoded_length = sa.encoded_length(data.len());
+            if encoded_length > data.capacity() {
+                warn!(
+                    "Vector doesn't have capacity for ESP headers, data length is {}, capacity is {}",
+                    msg_len,
+                    data.capacity()
+                );
                 return Err("Vector doesn't have capacity for ESP headers".into());
             }
-            data.resize(sa.encoded_length(data.len()), 0);
+            data.resize(encoded_length, 0);
             let encrypted_data = sa.handle_vpn(data.as_mut_slice(), msg_len)?;
             trace!(
                 "Encrypted VPN packet to {}\n{:?}",