| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20190724100204.2009-1-baijiaju1990@gmail.com>
Date: Wed, 24 Jul 2019 18:02:04 +0800
From: Jia-Ju Bai <baijiaju1990@...il.com>
To: tytso@....edu, jaegeuk@...nel.org, ebiggers@...nel.org
Cc: linux-fscrypt@...r.kernel.org, linux-kernel@...r.kernel.org,
Jia-Ju Bai <baijiaju1990@...il.com>
Subject: [PATCH] fs: crypto: keyinfo: Fix a possible null-pointer dereference in derive_key_aes()
In derive_key_aes(), tfm is assigned to NULL on line 46, and then
crypto_free_skcipher(tfm) is executed.
crypto_free_skcipher(tfm)
crypto_skcipher_tfm(tfm)
return &tfm->base;
Thus, a possible null-pointer dereference may occur.
To fix this bug, tfm is checked before calling crypto_free_skcipher().
This bug is found by a static analysis tool STCheck written by us.
Signed-off-by: Jia-Ju Bai <baijiaju1990@...il.com>
---
fs/crypto/keyinfo.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/crypto/keyinfo.c b/fs/crypto/keyinfo.c
index 207ebed918c1..b419720cac54 100644
--- a/fs/crypto/keyinfo.c
+++ b/fs/crypto/keyinfo.c
@@ -66,7 +66,8 @@ static int derive_key_aes(const u8 *master_key,
res = crypto_wait_req(crypto_skcipher_encrypt(req), &wait);
out:
skcipher_request_free(req);
- crypto_free_skcipher(tfm);
+ if (tfm)
+ crypto_free_skcipher(tfm);
return res;
}
--
2.17.0
Powered by blists - more mailing lists