dpdk: fix ipsec coverity warning

Type: fix Fixes: 5025d40a11 Update the expression for a conditional block which should be executed when an encrypted packet will be sent via IPv6. Coverity was complaining that a NULL pointer could be dereferenced. It is unclear whether that ever would have actually happened, but the updated expression should quell the warning and should more accurately detect whether the block for IPv6 should be executed. Change-Id: I731cad1f982e8f55bd44e6e05e98eff96f1957bb Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2019-08-16 11:30:02 -05:00
parent 785daf4f84
commit c458f5c09a
1 changed files with 4 additions and 2 deletions
--- a/src/plugins/dpdk/ipsec/esp_encrypt.c
+++ b/src/plugins/dpdk/ipsec/esp_encrypt.c
@@ -475,13 +475,13 @@ dpdk_esp_encrypt_inline (vlib_main_t * vm,
 	  f0->pad_length = pad_bytes;
 	  f0->next_header = next_hdr_type;

-	  if (ipsec_sa_is_set_IS_TUNNEL_V6 (sa0))
+	  if (oh6_0)
 	    {
 	      u16 len = b0->current_length - sizeof (ip6_header_t);
 	      oh6_0->ip6.payload_length =
 		clib_host_to_net_u16 (len - rewrite_len);
 	    }
-	  else
+	  else if (oh0)
 	    {
 	      oh0->ip4.length =
 		clib_host_to_net_u16 (b0->current_length - rewrite_len);
@@ -494,6 +494,8 @@ dpdk_esp_encrypt_inline (vlib_main_t * vm,
 					  ip4_header_bytes (&ouh0->ip4));
 		}
 	    }
+	  else			/* should never happen */
+	    clib_warning ("No outer header found for ESP packet");

 	  b0->flags |= VLIB_BUFFER_TOTAL_LENGTH_VALID;