From: Satheesh Paul <[email protected]>
This patch fixes the patterns buffer overrun issue reported
by Coverity.
Coverity issue: 379236
Fixes: 8d0cdaa2d7 ("examples/ipsec-secgw: support mark and security flow
action")
Cc: [email protected]
Signed-off-by: Satheesh Paul <[email protected]>
Reviewed-by: Akhil Goyal <[email protected]>
---
examples/ipsec-secgw/flow.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/examples/ipsec-secgw/flow.c b/examples/ipsec-secgw/flow.c
index aee97b2fc4..9b18be83af 100644
--- a/examples/ipsec-secgw/flow.c
+++ b/examples/ipsec-secgw/flow.c
@@ -270,7 +270,7 @@ parse_flow_tokens(char **tokens, uint32_t n_tokens,
nb_flow_rule++;
}
-#define MAX_RTE_FLOW_PATTERN (4)
+#define MAX_RTE_FLOW_PATTERN (5)
#define MAX_RTE_FLOW_ACTIONS (5)
static void
@@ -334,9 +334,7 @@ flow_init_single(struct flow_rule_entry *rule)
pattern[pattern_idx].spec = &rule->ipv4.spec;
pattern[pattern_idx].mask = &rule->ipv4.mask;
pattern_idx++;
- }
-
- if (rule->is_ipv6) {
+ } else if (rule->is_ipv6) {
pattern[pattern_idx].type = RTE_FLOW_ITEM_TYPE_IPV6;
pattern[pattern_idx].spec = &rule->ipv6.spec;
pattern[pattern_idx].mask = &rule->ipv6.mask;
--
2.35.3
