Date:   Tue, 12 Dec 2017 22:43:59 +0100
From:   SF Markus Elfring <elfring@...rs.sourceforge.net>
To:     target-devel@...r.kernel.org, linux-scsi@...r.kernel.org,
        Al Viro <viro@...iv.linux.org.uk>,
        Arun Easi <arun.easi@...ium.com>,
        Bart Van Assche <bart.vanassche@...disk.com>,
        Dan Carpenter <dan.carpenter@...cle.com>,
        David Disseldorp <ddiss@...e.de>,
        Hannes Reinecke <hare@...e.com>,
        Ingo Molnar <mingo@...nel.org>,
        "Jason A. Donenfeld" <Jason@...c4.com>,
        Jiang Yi <jiangyilism@...il.com>,
        Kees Cook <keescook@...omium.org>,
        "Nicholas A. Bellinger" <nab@...ux-iscsi.org>,
        Russell King <rmk+kernel@...linux.org.uk>,
        Tang Wenji <tang.wenji@....com.cn>,
        Theodore Ts'o <tytso@....edu>,
        Varun Prakash <varun@...lsio.com>
Cc:     LKML <linux-kernel@...r.kernel.org>,
        kernel-janitors@...r.kernel.org
Subject: [PATCH 2/8] target/iscsi: Move resetting of seven variables in
 chap_server_compute_md5()

From: Markus Elfring <elfring@...rs.sourceforge.net>
Date: Tue, 12 Dec 2017 19:43:47 +0100

Move the resetting of these array variables so that this operation will
be performed only if memory allocations succeeded before in this function.

Signed-off-by: Markus Elfring <elfring@...rs.sourceforge.net>
---
 drivers/target/iscsi/iscsi_target_auth.c | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)

diff --git a/drivers/target/iscsi/iscsi_target_auth.c b/drivers/target/iscsi/iscsi_target_auth.c
index 94b011fe74e8..d837fcbdbaf2 100644
--- a/drivers/target/iscsi/iscsi_target_auth.c
+++ b/drivers/target/iscsi/iscsi_target_auth.c
@@ -197,14 +197,6 @@ static int chap_server_compute_md5(
 	struct shash_desc *desc;
 	int auth_ret = -1, ret, challenge_len;
 
-	memset(identifier, 0, 10);
-	memset(chap_n, 0, MAX_CHAP_N_SIZE);
-	memset(chap_r, 0, MAX_RESPONSE_LENGTH);
-	memset(digest, 0, MD5_SIGNATURE_SIZE);
-	memset(response, 0, MD5_SIGNATURE_SIZE * 2 + 2);
-	memset(client_digest, 0, MD5_SIGNATURE_SIZE);
-	memset(server_digest, 0, MD5_SIGNATURE_SIZE);
-
 	challenge = kzalloc(CHAP_CHALLENGE_STR_LEN, GFP_KERNEL);
 	if (!challenge) {
 		pr_err("Unable to allocate challenge buffer\n");
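Review bot: Removing the up-front memset() block leaves identifier, chap_n, chap_r, digest, response, client_digest and server_digest uninitialised until each one's later memset() is reached, so correctness now depends on no path reading a buffer before its own reset. The only work saved is on the allocation-failure exits, which are rare. The commit message should state that every use was checked against the new placement, or the block should stay at the top where a later edit cannot slip a read in front of a reset.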
@@ -216,6 +208,9 @@ static int chap_server_compute_md5(
 		pr_err("Unable to allocate challenge_binhex buffer\n");
 		goto free_challenge;
 	}
+
+	memset(chap_n, 0, MAX_CHAP_N_SIZE);
+
 	/*
 	 * Extract CHAP_N.
 	 */
@@ -236,6 +231,8 @@ static int chap_server_compute_md5(
 		goto free_challenge_binhex;
 	}
 	pr_debug("[server] Got CHAP_N=%s\n", chap_n);
+	memset(chap_r, 0, MAX_RESPONSE_LENGTH);
+
 	/*
 	 * Extract CHAP_R.
 	 */
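Review bot: The memset(chap_r, 0, MAX_RESPONSE_LENGTH) is attached to the end of the CHAP_N block, directly under its pr_debug() with no separating blank line, while the chap_n reset in the previous hunk has a blank line on both sides. Placing it below the "Extract CHAP_R" comment, next to the code that fills chap_r, would keep the reset with the step it belongs to and make the spacing consistent.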
@@ -250,6 +247,7 @@ static int chap_server_compute_md5(
 	}
 
 	pr_debug("[server] Got CHAP_R=%s\n", chap_r);
+	memset(client_digest, 0, MD5_SIGNATURE_SIZE);
 	chap_string_to_hex(client_digest, chap_r, strlen(chap_r));
 
 	tfm = crypto_alloc_shash("md5", 0, 0);
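Review bot: The memset() added above chap_string_to_hex() clears exactly MD5_SIGNATURE_SIZE bytes of client_digest, but the conversion length on the next line is strlen(chap_r), and nothing in the visible context checks that length against the size of client_digest. Since the patch touches this pair of lines, it is worth confirming (or adding) a check that the decoded length of chap_r equals MD5_SIGNATURE_SIZE before converting. With that check in place the conversion would fill the whole buffer and the memset() would no longer be needed.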
@@ -286,6 +284,7 @@ static int chap_server_compute_md5(
 		goto free_desc;
 	}
 
+	memset(server_digest, 0, MD5_SIGNATURE_SIZE);
 	ret = crypto_shash_finup(desc, chap->challenge,
 				 CHAP_CHALLENGE_LENGTH, server_digest);
 	if (ret < 0) {
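Review bot: The memset(server_digest, 0, MD5_SIGNATURE_SIZE) added directly above crypto_shash_finup() looks like a dead store: on success finup writes the digest into server_digest, and on failure the visible path jumps to free_desc. Unless something after free_desc reads server_digest, the call can be dropped instead of moved.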
@@ -293,6 +292,7 @@ static int chap_server_compute_md5(
 		goto free_desc;
 	}
 
+	memset(response, 0, MD5_SIGNATURE_SIZE * 2 + 2);
 	chap_binaryhex_to_asciihex(response, server_digest, MD5_SIGNATURE_SIZE);
 	pr_debug("[server] MD5 Server Digest: %s\n", response);
 
@@ -310,6 +310,9 @@ static int chap_server_compute_md5(
 		auth_ret = 0;
 		goto free_desc;
 	}
+
+	memset(identifier, 0, ARRAY_SIZE(identifier));
+
 	/*
 	 * Get CHAP_I.
 	 */
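Review bot: The size argument for identifier changes from the literal 10 to ARRAY_SIZE(identifier) in this hunk, which is a second change that the commit message ("Move the resetting") does not mention. ARRAY_SIZE() yields an element count, so it only matches the byte count memset() expects for a one-byte element type; sizeof(identifier) is the usual form. The other six memset() calls in the patch keep their macro-based sizes, so either convert all of them in a separate patch or keep this one as a pure move.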
@@ -393,6 +396,9 @@ static int chap_server_compute_md5(
 				" password_mutual\n");
 		goto free_desc;
 	}
+
+	memset(digest, 0, MD5_SIGNATURE_SIZE);
+
 	/*
 	 * Convert received challenge to binary hex.
 	 */
-- 
2.15.1
