ipsec: check SAD lookup error

Explicitly check return value in add_specific()
CID 357760 (#2 of 2): Negative array index write (NEGATIVE_RETURNS)
8. negative_returns: Using variable ret as an index to array sad->cnt_arr

Coverity issue: 357760
Fixes: b2ee26926775 ("ipsec: add SAD add/delete/lookup implementation")
Cc: stable@dpdk.org
Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>

diff --git a/lib/librte_ipsec/ipsec_sad.c b/lib/librte_ipsec/ipsec_sad.c
index 6c95240..3f9533c 100644 (file)
--- a/lib/librte_ipsec/ipsec_sad.c
+++ b/lib/librte_ipsec/ipsec_sad.c
@@ -104,6 +104,8 @@ add_specific(struct rte_ipsec_sad *sad, const void *key,
        ret = rte_hash_lookup_with_hash(sad->hash[RTE_IPSEC_SAD_SPI_ONLY], key,
                rte_hash_crc(key, sad->keysize[RTE_IPSEC_SAD_SPI_ONLY],
                sad->init_val));
+       if (ret < 0)
+               return ret;
        if (key_type == RTE_IPSEC_SAD_SPI_DIP)
                sad->cnt_arr[ret].cnt_dip += notexist;
        else