Currently, IPsec flow parser will look for IPv4 flow item in the pattern,
and then pass it to IPsec SA flow function. However, we do not check if the
spec pointer is actually valid. Fix by adding the check.
Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec")
Cc: [email protected]
Cc: [email protected]
Signed-off-by: Anatoly Burakov <[email protected]>
---
drivers/net/intel/ixgbe/ixgbe_flow.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c
b/drivers/net/intel/ixgbe/ixgbe_flow.c
index 81b983ce69..90a24806d2 100644
--- a/drivers/net/intel/ixgbe/ixgbe_flow.c
+++ b/drivers/net/intel/ixgbe/ixgbe_flow.c
@@ -251,6 +251,12 @@ cons_parse_ntuple_filter(const struct rte_flow_attr *attr,
}
item = next_no_void_pattern(pattern, item);
}
+ if (item->spec == NULL) {
+ rte_flow_error_set(error, EINVAL,
+ RTE_FLOW_ERROR_TYPE_ITEM_SPEC, item,
+ "NULL IP pattern.");
+ return -rte_errno;
+ }
filter->proto = IPPROTO_ESP;
return ixgbe_crypto_add_ingress_sa_from_flow(conf, item->spec,
--
2.47.3
