From 3829fe6487d5fd74458245391dac8169a57b3c9f Mon Sep 17 00:00:00 2001 From: David Coyle Date: Thu, 16 Jul 2020 16:32:18 +0100 Subject: [PATCH] crypto/aesni_mb: fix memory leak in DOCSIS session This patch improves the DOCSIS session creation as follows: - it validates the security action type as well as the protocol before creating a session and now does this validation before allocating the session from the mempool Fixes: fda5216fba55 ("crypto/aesni_mb: support DOCSIS protocol") Signed-off-by: David Coyle Acked-by: Pablo de Lara --- drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c index ed93daec74..2362f0c3ce 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c @@ -875,16 +875,17 @@ aesni_mb_pmd_sec_sess_create(void *dev, struct rte_security_session_conf *conf, struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev; int ret; + if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL || + conf->protocol != RTE_SECURITY_PROTOCOL_DOCSIS) { + AESNI_MB_LOG(ERR, "Invalid security protocol"); + return -EINVAL; + } + if (rte_mempool_get(mempool, &sess_private_data)) { AESNI_MB_LOG(ERR, "Couldn't get object from session mempool"); return -ENOMEM; } - if (conf->protocol != RTE_SECURITY_PROTOCOL_DOCSIS) { - AESNI_MB_LOG(ERR, "Invalid security protocol"); - return -EINVAL; - } - ret = aesni_mb_set_docsis_sec_session_parameters(cdev, conf, sess_private_data); -- 2.20.1