From mboxrd@z Thu Jan 1 00:00:00 1970 From: Konstantin Ananyev Subject: [PATCH 2/3] examples/ipsec_secgw: fix possible NULL dereference Date: Wed, 27 Mar 2019 09:33:28 +0000 Message-ID: <20190327093329.12521-3-konstantin.ananyev@intel.com> References: <20190327093329.12521-1-konstantin.ananyev@intel.com> Cc: akhil.goyal@nxp.com, Konstantin Ananyev To: dev@dpdk.org Return-path: Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by dpdk.org (Postfix) with ESMTP id 6006F532C for ; Wed, 27 Mar 2019 10:33:37 +0100 (CET) In-Reply-To: <20190327093329.12521-1-konstantin.ananyev@intel.com> List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Fixes: 3e5f4625dc17 ("examples/ipsec-secgw: make data-path to use IPsec library") Coverity issue: 336844 Signed-off-by: Konstantin Ananyev --- examples/ipsec-secgw/ipsec_process.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/examples/ipsec-secgw/ipsec_process.c b/examples/ipsec-secgw/ipsec_process.c index e403c461a..3f9cacb8f 100644 --- a/examples/ipsec-secgw/ipsec_process.c +++ b/examples/ipsec-secgw/ipsec_process.c @@ -217,16 +217,11 @@ ipsec_process(struct ipsec_ctx *ctx, struct ipsec_traffic *trf) pg = grp + i; sa = pg->id.ptr; - /* no valid SA found */ - if (sa == NULL) - k = 0; - ips = &sa->ips; - satp = rte_ipsec_sa_type(ips->sa); /* no valid HW session for that SA, try to create one */ - if (ips->crypto.ses == NULL && - fill_ipsec_session(ips, ctx, sa) != 0) + if (sa == NULL || (ips->crypto.ses == NULL && + fill_ipsec_session(ips, ctx, sa) != 0)) k = 0; /* process packets inline */ @@ -234,6 +229,8 @@ ipsec_process(struct ipsec_ctx *ctx, struct ipsec_traffic *trf) sa->type == RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL) { + satp = rte_ipsec_sa_type(ips->sa); + /* * This is just to satisfy inbound_sa_check() * and get_hop_for_offload_pkt(). -- 2.17.1