crypto/aesni_mb: fix memory leak in DOCSIS session

This patch improves the DOCSIS session creation as follows:
- it validates the security action type as well as the protocol before
  creating a session and now does this validation before allocating the
  session from the mempool

Fixes: fda5216fba55 ("crypto/aesni_mb: support DOCSIS protocol")

Signed-off-by: David Coyle <david.coyle@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
index ed93dae..2362f0c 100644 (file)
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
@@ -875,16 +875,17 @@ aesni_mb_pmd_sec_sess_create(void *dev, struct rte_security_session_conf *conf,
        struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
        int ret;
 
+       if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL ||
+                       conf->protocol != RTE_SECURITY_PROTOCOL_DOCSIS) {
+               AESNI_MB_LOG(ERR, "Invalid security protocol");
+               return -EINVAL;
+       }
+
        if (rte_mempool_get(mempool, &sess_private_data)) {
                AESNI_MB_LOG(ERR, "Couldn't get object from session mempool");
                return -ENOMEM;
        }
 
-       if (conf->protocol != RTE_SECURITY_PROTOCOL_DOCSIS) {
-               AESNI_MB_LOG(ERR, "Invalid security protocol");
-               return -EINVAL;
-       }
-
        ret = aesni_mb_set_docsis_sec_session_parameters(cdev, conf,
                        sess_private_data);