| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20180420165455.4kmmphyexqyd3kp3@gondor.apana.org.au>
Date: Sat, 21 Apr 2018 00:54:55 +0800
From: Herbert Xu <herbert@...dor.apana.org.au>
To: Stephan Müller <smueller@...onox.de>
Cc: Dmitry Vyukov <dvyukov@...gle.com>,
"Theodore Y. Ts'o" <tytso@....edu>,
Matthew Wilcox <willy@...radead.org>,
David Miller <davem@...emloft.net>,
linux-crypto@...r.kernel.org, Eric Biggers <ebiggers3@...il.com>,
syzbot <syzbot+75397ee3df5c70164154@...kaller.appspotmail.com>,
linux-fsdevel <linux-fsdevel@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>,
syzkaller-bugs <syzkaller-bugs@...glegroups.com>,
Al Viro <viro@...iv.linux.org.uk>
Subject: Re: [PATCH] crypto: drbg - set freed buffers to NULL
On Thu, Apr 12, 2018 at 08:40:55AM +0200, Stephan Müller wrote:
> Add the Fixes, CC stable tags.
>
> ---8<---
>
> During freeing of the internal buffers used by the DRBG, set the pointer
> to NULL. It is possible that the context with the freed buffers is
> reused. In case of an error during initialization where the pointers
> do not yet point to allocated memory, the NULL value prevents a double
> free.
>
> Cc: stable@...r.kernel.org
> Fixes: 3cfc3b9721123 ("crypto: drbg - use aligned buffers")
> Signed-off-by: Stephan Mueller <smueller@...onox.de>
> Reported-by: syzbot+75397ee3df5c70164154@...kaller.appspotmail.com
Patch applied. Thanks.
--
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Powered by blists - more mailing lists