examples/ipsec_secgw: fix possible null dereference

Coverity issue: 336844
Fixes: 3e5f4625dc17 ("examples/ipsec-secgw: make data-path to use IPsec library")
Cc: stable@dpdk.org
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

diff --git a/examples/ipsec-secgw/ipsec_process.c b/examples/ipsec-secgw/ipsec_process.c
index e403c46..3f9cacb 100644 (file)
--- a/examples/ipsec-secgw/ipsec_process.c
+++ b/examples/ipsec-secgw/ipsec_process.c
@@ -217,16 +217,11 @@ ipsec_process(struct ipsec_ctx *ctx, struct ipsec_traffic *trf)
                pg = grp + i;
                sa = pg->id.ptr;
 
-               /* no valid SA found */
-               if (sa == NULL)
-                       k = 0;
-
                ips = &sa->ips;
-               satp = rte_ipsec_sa_type(ips->sa);
 
                /* no valid HW session for that SA, try to create one */
-               if (ips->crypto.ses == NULL &&
-                               fill_ipsec_session(ips, ctx, sa) != 0)
+               if (sa == NULL || (ips->crypto.ses == NULL &&
+                               fill_ipsec_session(ips, ctx, sa) != 0))
                        k = 0;
 
                /* process packets inline */
@@ -234,6 +229,8 @@ ipsec_process(struct ipsec_ctx *ctx, struct ipsec_traffic *trf)
                                sa->type ==
                                RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL) {
 
+                       satp = rte_ipsec_sa_type(ips->sa);
+
                        /*
                         * This is just to satisfy inbound_sa_check()
                         * and get_hop_for_offload_pkt().