From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id B4018A0350; Mon, 11 May 2020 11:23:12 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 864291C0DB; Mon, 11 May 2020 11:23:12 +0200 (CEST) Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by dpdk.org (Postfix) with ESMTP id D4BEE1C00F; Mon, 11 May 2020 11:23:10 +0200 (CEST) IronPort-SDR: LB/YyrVgopwSNT3WXlqHdNul79m5un9UmQMGWSJvYFNKIvgq4mcr5ayep7500HmSnu6ONht3iX tKAQf1iVJeiQ== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 May 2020 02:23:09 -0700 IronPort-SDR: vhRRqikEaSxE9/zxSCmBCulj5nCLr7dGPSMO9Muf4J/4IjhJiEQXFXTfYJoqt1cmv2xVSwkwPg oMfwmLgphlxQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,379,1583222400"; d="scan'208";a="436631326" Received: from silpixa00400072.ir.intel.com ([10.237.222.213]) by orsmga005.jf.intel.com with ESMTP; 11 May 2020 02:23:08 -0700 From: Vladimir Medvedkin To: dev@dpdk.org Cc: konstantin.ananyev@intel.com, akhil.goyal@nxp.com, stable@dpdk.org Date: Mon, 11 May 2020 10:23:06 +0100 Message-Id: X-Mailer: git-send-email 2.7.4 Subject: [dpdk-dev] [PATCH] ipsec: fix unchecked return value X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Explicitly check return value in add_specific() CID 357760 (#2 of 2): Negative array index write (NEGATIVE_RETURNS) 8. negative_returns: Using variable ret as an index to array sad->cnt_arr Fixes: b2ee26926775 ("ipsec: add SAD add/delete/lookup implementation") Cc: stable@dpdk.org Signed-off-by: Vladimir Medvedkin --- lib/librte_ipsec/ipsec_sad.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/librte_ipsec/ipsec_sad.c b/lib/librte_ipsec/ipsec_sad.c index 6c95240..3f9533c 100644 --- a/lib/librte_ipsec/ipsec_sad.c +++ b/lib/librte_ipsec/ipsec_sad.c @@ -104,6 +104,8 @@ add_specific(struct rte_ipsec_sad *sad, const void *key, ret = rte_hash_lookup_with_hash(sad->hash[RTE_IPSEC_SAD_SPI_ONLY], key, rte_hash_crc(key, sad->keysize[RTE_IPSEC_SAD_SPI_ONLY], sad->init_val)); + if (ret < 0) + return ret; if (key_type == RTE_IPSEC_SAD_SPI_DIP) sad->cnt_arr[ret].cnt_dip += notexist; else -- 2.7.4