* [dpdk-dev] [PATCH] ipsec: fix unchecked return value
@ 2020-05-11 9:23 Vladimir Medvedkin
2020-05-11 11:08 ` Ananyev, Konstantin
0 siblings, 1 reply; 3+ messages in thread
From: Vladimir Medvedkin @ 2020-05-11 9:23 UTC (permalink / raw)
To: dev; +Cc: konstantin.ananyev, akhil.goyal, stable
Explicitly check return value in add_specific()
CID 357760 (#2 of 2): Negative array index write (NEGATIVE_RETURNS)
8. negative_returns: Using variable ret as an index to array sad->cnt_arr
Fixes: b2ee26926775 ("ipsec: add SAD add/delete/lookup implementation")
Cc: stable@dpdk.org
Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
---
lib/librte_ipsec/ipsec_sad.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/lib/librte_ipsec/ipsec_sad.c b/lib/librte_ipsec/ipsec_sad.c
index 6c95240..3f9533c 100644
--- a/lib/librte_ipsec/ipsec_sad.c
+++ b/lib/librte_ipsec/ipsec_sad.c
@@ -104,6 +104,8 @@ add_specific(struct rte_ipsec_sad *sad, const void *key,
ret = rte_hash_lookup_with_hash(sad->hash[RTE_IPSEC_SAD_SPI_ONLY], key,
rte_hash_crc(key, sad->keysize[RTE_IPSEC_SAD_SPI_ONLY],
sad->init_val));
+ if (ret < 0)
+ return ret;
if (key_type == RTE_IPSEC_SAD_SPI_DIP)
sad->cnt_arr[ret].cnt_dip += notexist;
else
--
2.7.4
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [dpdk-dev] [PATCH] ipsec: fix unchecked return value
2020-05-11 9:23 [dpdk-dev] [PATCH] ipsec: fix unchecked return value Vladimir Medvedkin
@ 2020-05-11 11:08 ` Ananyev, Konstantin
2020-05-11 11:20 ` Akhil Goyal
0 siblings, 1 reply; 3+ messages in thread
From: Ananyev, Konstantin @ 2020-05-11 11:08 UTC (permalink / raw)
To: Medvedkin, Vladimir, dev; +Cc: akhil.goyal, stable
> Explicitly check return value in add_specific()
> CID 357760 (#2 of 2): Negative array index write (NEGATIVE_RETURNS)
> 8. negative_returns: Using variable ret as an index to array sad->cnt_arr
>
> Fixes: b2ee26926775 ("ipsec: add SAD add/delete/lookup implementation")
> Cc: stable@dpdk.org
>
> Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
> ---
> lib/librte_ipsec/ipsec_sad.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/lib/librte_ipsec/ipsec_sad.c b/lib/librte_ipsec/ipsec_sad.c
> index 6c95240..3f9533c 100644
> --- a/lib/librte_ipsec/ipsec_sad.c
> +++ b/lib/librte_ipsec/ipsec_sad.c
> @@ -104,6 +104,8 @@ add_specific(struct rte_ipsec_sad *sad, const void *key,
> ret = rte_hash_lookup_with_hash(sad->hash[RTE_IPSEC_SAD_SPI_ONLY], key,
> rte_hash_crc(key, sad->keysize[RTE_IPSEC_SAD_SPI_ONLY],
> sad->init_val));
> + if (ret < 0)
> + return ret;
> if (key_type == RTE_IPSEC_SAD_SPI_DIP)
> sad->cnt_arr[ret].cnt_dip += notexist;
> else
> --
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
> 2.7.4
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [dpdk-dev] [PATCH] ipsec: fix unchecked return value
2020-05-11 11:08 ` Ananyev, Konstantin
@ 2020-05-11 11:20 ` Akhil Goyal
0 siblings, 0 replies; 3+ messages in thread
From: Akhil Goyal @ 2020-05-11 11:20 UTC (permalink / raw)
To: Ananyev, Konstantin, Medvedkin, Vladimir, dev; +Cc: stable
> > Explicitly check return value in add_specific()
> > CID 357760 (#2 of 2): Negative array index write (NEGATIVE_RETURNS)
> > 8. negative_returns: Using variable ret as an index to array sad->cnt_arr
> >
> > Fixes: b2ee26926775 ("ipsec: add SAD add/delete/lookup implementation")
> > Cc: stable@dpdk.org
> >
> > Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
> > ---
> Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Applied to dpdk-next-crypto
Thanks
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-05-11 11:20 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-05-11 9:23 [dpdk-dev] [PATCH] ipsec: fix unchecked return value Vladimir Medvedkin
2020-05-11 11:08 ` Ananyev, Konstantin
2020-05-11 11:20 ` Akhil Goyal
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).