| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20180221124537.467213921@linuxfoundation.org>
Date: Wed, 21 Feb 2018 13:49:21 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-kernel@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
stable@...r.kernel.org,
Markus Elfring <elfring@...rs.sourceforge.net>,
David Disseldorp <ddiss@...e.de>,
Nicholas Bellinger <nab@...ux-iscsi.org>
Subject: [PATCH 4.15 132/163] target/iscsi: avoid NULL dereference in CHAP auth error path
4.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Disseldorp <ddiss@...e.de>
commit ce512d79d0466a604793addb6b769d12ee326822 upstream.
If chap_server_compute_md5() fails early, e.g. via CHAP_N mismatch, then
crypto_free_shash() is called with a NULL pointer which gets
dereferenced in crypto_shash_tfm().
Fixes: 69110e3cedbb ("iscsi-target: Use shash and ahash")
Suggested-by: Markus Elfring <elfring@...rs.sourceforge.net>
Signed-off-by: David Disseldorp <ddiss@...e.de>
Cc: stable@...r.kernel.org # 4.6+
Signed-off-by: Nicholas Bellinger <nab@...ux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
---
drivers/target/iscsi/iscsi_target_auth.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/target/iscsi/iscsi_target_auth.c
+++ b/drivers/target/iscsi/iscsi_target_auth.c
@@ -421,7 +421,8 @@ static int chap_server_compute_md5(
auth_ret = 0;
out:
kzfree(desc);
- crypto_free_shash(tfm);
+ if (tfm)
+ crypto_free_shash(tfm);
kfree(challenge);
kfree(challenge_binhex);
return auth_ret;
Powered by blists - more mailing lists