[dpdk-dev] [PATCH] ipsec: fix unchecked return value

Vladimir Medvedkin vladimir.medvedkin at intel.com
Mon May 11 11:23:06 CEST 2020


Explicitly check return value in add_specific()
CID 357760 (#2 of 2): Negative array index write (NEGATIVE_RETURNS)
8. negative_returns: Using variable ret as an index to array sad->cnt_arr

Fixes: b2ee26926775 ("ipsec: add SAD add/delete/lookup implementation")
Cc: stable at dpdk.org

Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin at intel.com>
---
 lib/librte_ipsec/ipsec_sad.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/librte_ipsec/ipsec_sad.c b/lib/librte_ipsec/ipsec_sad.c
index 6c95240..3f9533c 100644
--- a/lib/librte_ipsec/ipsec_sad.c
+++ b/lib/librte_ipsec/ipsec_sad.c
@@ -104,6 +104,8 @@ add_specific(struct rte_ipsec_sad *sad, const void *key,
 	ret = rte_hash_lookup_with_hash(sad->hash[RTE_IPSEC_SAD_SPI_ONLY], key,
 		rte_hash_crc(key, sad->keysize[RTE_IPSEC_SAD_SPI_ONLY],
 		sad->init_val));
+	if (ret < 0)
+		return ret;
 	if (key_type == RTE_IPSEC_SAD_SPI_DIP)
 		sad->cnt_arr[ret].cnt_dip += notexist;
 	else
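Review bot: the new `if (ret < 0) return ret;` exits add_specific() before either `sad->cnt_arr[ret]` counter is touched, but `notexist` has already been computed earlier in the function, so any state change it reflects is left in place on this error path. Please confirm that nothing done above needs to be undone before returning. If the SPI-only lookup is not expected to fail at this point, a one-line comment saying so would make clear that the check is defensive. It would also help to state in the commit message which negative value the caller now sees, since the function previously had no return between the lookup and the counter update.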
-- 
2.7.4


