lib.ipsec.esp.decrypt_payload: remove redundant bounds/spi checks

snabbco · Dec 15, 2017 · ae09895 · ae09895
1 parent 1600fcb
commit ae09895
Showing 1 changed file with 3 additions and 5 deletions.
diff --git a/src/lib/ipsec/esp.lua b/src/lib/ipsec/esp.lua
@@ -188,15 +188,13 @@ function decrypt:new (conf)
 end
 
 function decrypt:decrypt_payload (ptr, length)
-   if not self.esp:new_from_mem(ptr, length)
-      or self.esp:spi() ~= self.spi
-   then return nil end
-
+   -- NB: bounds check is performed by caller
+   local esp = self.esp:new_from_mem(ptr, esp:sizeof())
    local iv_start = ptr + ESP_SIZE
    local ctext_start = ptr + self.CTEXT_OFFSET
    local ctext_length = length - self.PLAIN_OVERHEAD
 
-   local seq_low = self.esp:seq_no()
+   local seq_low = esp:seq_no()
    local seq_high = tonumber(
       C.check_seq_no(seq_low, self.seq.no, self.window, self.window_size)
    )