[PATCH v5 03/12] net/ixgbe: fix potential null dereference in IPsec

Bruce Richardson bruce.richardson at intel.com
Thu Feb 12 18:13:21 CET 2026


On Thu, Feb 12, 2026 at 12:53:26PM +0000, Anatoly Burakov wrote:
> When parsing IPsec flows, we access the `conf` pointer unconditionally,
> even though it might be NULL. Fix by adding the check.
> 
> Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec")
> Cc: radu.nicolau at intel.com
> Cc: stable at dpdk.org
> 
> Signed-off-by: Anatoly Burakov <anatoly.burakov at intel.com>
> ---

Acked-by: Bruce Richardson <bruce.richardson at intel.com>


>  drivers/net/intel/ixgbe/ixgbe_flow.c | 7 +++++++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c
> index 90072e757e..81b983ce69 100644
> --- a/drivers/net/intel/ixgbe/ixgbe_flow.c
> +++ b/drivers/net/intel/ixgbe/ixgbe_flow.c
> @@ -221,6 +221,13 @@ cons_parse_ntuple_filter(const struct rte_flow_attr *attr,
>  	act = next_no_void_action(actions, NULL);
>  	if (act->type == RTE_FLOW_ACTION_TYPE_SECURITY) {
>  		const void *conf = act->conf;
> +
> +		if (conf == NULL) {
> +			rte_flow_error_set(error, EINVAL,
> +				RTE_FLOW_ERROR_TYPE_ACTION_CONF,
> +				act, "NULL security conf.");
> +			return -rte_errno;
> +		}
>  		/* check if the next not void item is END */
>  		act = next_no_void_action(actions, act);
>  		if (act->type != RTE_FLOW_ACTION_TYPE_END) {
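
Review bot: the message in the new `if (conf == NULL)` branch, "NULL security conf.", tells the caller little about what is wrong; wording such as "security action requires a non-NULL conf" would say what the application has to fix. The branch is also followed directly by the "check if the next not void item is END" comment, so a blank line after the closing brace would match the blank line added above it. The placement itself is fine: the check runs before `act` is advanced by next_no_void_action(actions, act), so the error reported with RTE_FLOW_ERROR_TYPE_ACTION_CONF still points at the security action.
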
> -- 
> 2.47.3
> 

