From fd7c1172ed153c725f062a9a07fe780b03fba67a Mon Sep 17 00:00:00 2001
From: Konstantin Ananyev <konstantin.ananyev@intel.com>
Date: Wed, 27 Mar 2019 09:33:28 +0000
Subject: [PATCH] examples/ipsec_secgw: fix possible null dereference

Coverity issue: 336844
Fixes: 3e5f4625dc17 ("examples/ipsec-secgw: make data-path to use IPsec library")
Cc: stable@dpdk.org

Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 examples/ipsec-secgw/ipsec_process.c | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/examples/ipsec-secgw/ipsec_process.c b/examples/ipsec-secgw/ipsec_process.c
index e403c461aa..3f9cacb8fd 100644
--- a/examples/ipsec-secgw/ipsec_process.c
+++ b/examples/ipsec-secgw/ipsec_process.c
@@ -217,16 +217,11 @@ ipsec_process(struct ipsec_ctx *ctx, struct ipsec_traffic *trf)
 		pg = grp + i;
 		sa = pg->id.ptr;
 
-		/* no valid SA found */
-		if (sa == NULL)
-			k = 0;
-
 		ips = &sa->ips;
-		satp = rte_ipsec_sa_type(ips->sa);
 
 		/* no valid HW session for that SA, try to create one */
-		if (ips->crypto.ses == NULL &&
-				fill_ipsec_session(ips, ctx, sa) != 0)
+		if (sa == NULL || (ips->crypto.ses == NULL &&
+				fill_ipsec_session(ips, ctx, sa) != 0))
 			k = 0;
 
 		/* process packets inline */
@@ -234,6 +229,8 @@ ipsec_process(struct ipsec_ctx *ctx, struct ipsec_traffic *trf)
 				sa->type ==
 				RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL) {
 
+			satp = rte_ipsec_sa_type(ips->sa);
+
 			/*
 			 * This is just to satisfy inbound_sa_check()
 			 * and get_hop_for_offload_pkt().
-- 
2.20.1