From e62893f5ec27a361e74b3961edb808fb3d420bb1 Mon Sep 17 00:00:00 2001
From: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
Date: Mon, 11 May 2020 10:23:06 +0100
Subject: [PATCH] ipsec: check SAD lookup error

Explicitly check return value in add_specific()
CID 357760 (#2 of 2): Negative array index write (NEGATIVE_RETURNS)
8. negative_returns: Using variable ret as an index to array sad->cnt_arr

Coverity issue: 357760
Fixes: b2ee26926775 ("ipsec: add SAD add/delete/lookup implementation")
Cc: stable@dpdk.org

Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
---
 lib/librte_ipsec/ipsec_sad.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/librte_ipsec/ipsec_sad.c b/lib/librte_ipsec/ipsec_sad.c
index 6c95240578..3f9533c80a 100644
--- a/lib/librte_ipsec/ipsec_sad.c
+++ b/lib/librte_ipsec/ipsec_sad.c
@@ -104,6 +104,8 @@ add_specific(struct rte_ipsec_sad *sad, const void *key,
 	ret = rte_hash_lookup_with_hash(sad->hash[RTE_IPSEC_SAD_SPI_ONLY], key,
 		rte_hash_crc(key, sad->keysize[RTE_IPSEC_SAD_SPI_ONLY],
 		sad->init_val));
+	if (ret < 0)
+		return ret;
 	if (key_type == RTE_IPSEC_SAD_SPI_DIP)
 		sad->cnt_arr[ret].cnt_dip += notexist;
 	else
-- 
2.20.1