lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 27 Jun 2011 14:57:48 +0800
From:	Herbert Xu <herbert@...dor.apana.org.au>
To:	Jesper Juhl <jj@...osbits.net>
Cc:	linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org,
	"David S. Miller" <davem@...emloft.net>
Subject: Re: [PATCH] Crypto: Don't use err uninitialized in
	algif_hash.c:hash_sendmsg()

On Sun, Jun 26, 2011 at 11:23:06PM +0200, Jesper Juhl wrote:
> If af_alg_make_sg() returns <0 in hash_sendmsg() we'll jump to the
> 'unlock' label without having set 'err' to anything. At the 'unlock'
> label the value of 'err' is tested to determine return value of the
> function - not good to base that on a uninitialized variable.
> 
> This patch sets 'err' to the return value of hash_sendmsg() before the
> 'goto' when the value is less than zero, which seems to me to be the
> proper thing to do.
> 
> Signed-off-by: Jesper Juhl <jj@...osbits.net>

Thanks for catching this!

> diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
> index 62122a1..1847544 100644
> --- a/crypto/algif_hash.c
> +++ b/crypto/algif_hash.c
> @@ -68,9 +68,10 @@ static int hash_sendmsg(struct kiocb *unused, struct socket *sock,
>  			int newlen;
>  
>  			newlen = af_alg_make_sg(&ctx->sgl, from, len, 0);
> -			if (newlen < 0)
> +			if (newlen < 0) {
> +				err = newlen;
>  				goto unlock;
> -
> +			}

This isn't quite what we want though.  The error from af_alg_make_sg
should only be fatal if we haven't sent anything at all.  That is,
it's OK to get an error on the second try.

So I'm going to tweak your patch a little bit and apply this:

diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
index 62122a1..ef5356c 100644
--- a/crypto/algif_hash.c
+++ b/crypto/algif_hash.c
@@ -68,8 +68,10 @@ static int hash_sendmsg(struct kiocb *unused, struct socket *sock,
 			int newlen;
 
 			newlen = af_alg_make_sg(&ctx->sgl, from, len, 0);
-			if (newlen < 0)
+			if (newlen < 0) {
+				err = copied ? 0 : newlen;
 				goto unlock;
+			}
 
 			ahash_request_set_crypt(&ctx->req, ctx->sgl.sg, NULL,
 						newlen);

Cheers,
-- 
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ