net/iavf: fix null pointer dereference
Checks
Commit Message
Check for memory allocation failure is added to avoid null
pointer dereference.
Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto")
Signed-off-by: Weiguo Li <liwg06@foxmail.com>
---
drivers/net/iavf/iavf_ipsec_crypto.c | 2 ++
1 file changed, 2 insertions(+)
Comments
On 1/25/2022 2:23 PM, Weiguo Li wrote:
> Check for memory allocation failure is added to avoid null
> pointer dereference.
>
> Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto")
>
> Signed-off-by: Weiguo Li <liwg06@foxmail.com>
> ---
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
> -----Original Message-----
> From: Weiguo Li <liwg06@foxmail.com>
> Sent: Tuesday, January 25, 2022 10:23 PM
> To: Wu, Jingjing <jingjing.wu@intel.com>
> Cc: Nicolau, Radu <radu.nicolau@intel.com>; dev@dpdk.org
> Subject: [PATCH] net/iavf: fix null pointer dereference
>
> Check for memory allocation failure is added to avoid null pointer
> dereference.
>
> Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto")
>
> Signed-off-by: Weiguo Li <liwg06@foxmail.com>
> ---
> drivers/net/iavf/iavf_ipsec_crypto.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/net/iavf/iavf_ipsec_crypto.c
> b/drivers/net/iavf/iavf_ipsec_crypto.c
> index adf101ab8a..ac67aa28f7 100644
> --- a/drivers/net/iavf/iavf_ipsec_crypto.c
> +++ b/drivers/net/iavf/iavf_ipsec_crypto.c
> @@ -1352,6 +1352,8 @@ iavf_ipsec_crypto_set_security_capabililites(struct
> iavf_security_ctx
> capabilities = rte_zmalloc("crypto_cap",
> sizeof(struct rte_cryptodev_capabilities) *
> (number_of_capabilities + 1), 0);
> + if (!capabilities)
> + return (-ENOMEM);
Better to unwrap the bracket to keep coding style consistent
> capabilities[number_of_capabilities].op =
> RTE_CRYPTO_OP_TYPE_UNDEFINED;
>
> /**
> --
> 2.25.1
@@ -1352,6 +1352,8 @@ iavf_ipsec_crypto_set_security_capabililites(struct iavf_security_ctx
capabilities = rte_zmalloc("crypto_cap",
sizeof(struct rte_cryptodev_capabilities) *
(number_of_capabilities + 1), 0);
+ if (!capabilities)
+ return (-ENOMEM);
capabilities[number_of_capabilities].op = RTE_CRYPTO_OP_TYPE_UNDEFINED;
/**