diff mbox series

ipsec: fix unchecked return value

Message ID	e417d446e5cb08976105335fec0f54ce9f4cf4ba.1589187804.git.vladimir.medvedkin@intel.com (mailing list archive)
State	Accepted, archived
Delegated to:	akhil goyal
Headers	IronPort-SDR: LB/YyrVgopwSNT3WXlqHdNul79m5un9UmQMGWSJvYFNKIvgq4mcr5ayep7500HmSnu6ONht3iX tKAQf1iVJeiQ== IronPort-SDR: vhRRqikEaSxE9/zxSCmBCulj5nCLr7dGPSMO9Muf4J/4IjhJiEQXFXTfYJoqt1cmv2xVSwkwPg oMfwmLgphlxQ== From: Vladimir Medvedkin <vladimir.medvedkin@intel.com> To: dev@dpdk.org Cc: konstantin.ananyev@intel.com, akhil.goyal@nxp.com, stable@dpdk.org Date: Mon, 11 May 2020 10:23:06 +0100 Message-Id: <e417d446e5cb08976105335fec0f54ce9f4cf4ba.1589187804.git.vladimir.medvedkin@intel.com> Subject: [dpdk-dev] [PATCH] ipsec: fix unchecked return value Precedence: list Errors-To: dev-bounces@dpdk.org Sender: "dev" <dev-bounces@dpdk.org>
Series	ipsec: fix unchecked return value \| ipsec: fix unchecked return value

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK
ci/travis-robot	warning	Travis build: failed
ci/iol-intel-Performance	success	Performance Testing PASS
ci/iol-nxp-Performance	success	Performance Testing PASS
ci/Intel-compilation	success	Compilation OK
ci/iol-mellanox-Performance	success	Performance Testing PASS
ci/iol-testing	fail	Testing issues

Commit Message

Vladimir Medvedkin May 11, 2020, 9:23 a.m. UTC

  Explicitly check return value in add_specific()
CID 357760 (#2 of 2): Negative array index write (NEGATIVE_RETURNS)
8. negative_returns: Using variable ret as an index to array sad->cnt_arr

Fixes: b2ee26926775 ("ipsec: add SAD add/delete/lookup implementation")
Cc: stable@dpdk.org

Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
---
 lib/librte_ipsec/ipsec_sad.c | 2 ++
 1 file changed, 2 insertions(+)

Comments

Ananyev, Konstantin May 11, 2020, 11:08 a.m. UTC | #1

> Explicitly check return value in add_specific()
> CID 357760 (#2 of 2): Negative array index write (NEGATIVE_RETURNS)
> 8. negative_returns: Using variable ret as an index to array sad->cnt_arr
> 
> Fixes: b2ee26926775 ("ipsec: add SAD add/delete/lookup implementation")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
> ---
>  lib/librte_ipsec/ipsec_sad.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/lib/librte_ipsec/ipsec_sad.c b/lib/librte_ipsec/ipsec_sad.c
> index 6c95240..3f9533c 100644
> --- a/lib/librte_ipsec/ipsec_sad.c
> +++ b/lib/librte_ipsec/ipsec_sad.c
> @@ -104,6 +104,8 @@ add_specific(struct rte_ipsec_sad *sad, const void *key,
>  	ret = rte_hash_lookup_with_hash(sad->hash[RTE_IPSEC_SAD_SPI_ONLY], key,
>  		rte_hash_crc(key, sad->keysize[RTE_IPSEC_SAD_SPI_ONLY],
>  		sad->init_val));
> +	if (ret < 0)
> +		return ret;
>  	if (key_type == RTE_IPSEC_SAD_SPI_DIP)
>  		sad->cnt_arr[ret].cnt_dip += notexist;
>  	else
> --

Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>

> 2.7.4

Akhil Goyal May 11, 2020, 11:20 a.m. UTC | #2

> > Explicitly check return value in add_specific()
> > CID 357760 (#2 of 2): Negative array index write (NEGATIVE_RETURNS)
> > 8. negative_returns: Using variable ret as an index to array sad->cnt_arr
> >
> > Fixes: b2ee26926775 ("ipsec: add SAD add/delete/lookup implementation")
> > Cc: stable@dpdk.org
> >
> > Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
> > ---
> Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Applied to dpdk-next-crypto

Thanks

diff mbox series

Patch

diff --git a/lib/librte_ipsec/ipsec_sad.c b/lib/librte_ipsec/ipsec_sad.c
index 6c95240..3f9533c 100644
--- a/lib/librte_ipsec/ipsec_sad.c
+++ b/lib/librte_ipsec/ipsec_sad.c
@@ -104,6 +104,8 @@  add_specific(struct rte_ipsec_sad *sad, const void *key,
 	ret = rte_hash_lookup_with_hash(sad->hash[RTE_IPSEC_SAD_SPI_ONLY], key,
 		rte_hash_crc(key, sad->keysize[RTE_IPSEC_SAD_SPI_ONLY],
 		sad->init_val));
+	if (ret < 0)
+		return ret;
 	if (key_type == RTE_IPSEC_SAD_SPI_DIP)
 		sad->cnt_arr[ret].cnt_dip += notexist;
 	else