| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20231214030834.2665-1-tianjia.zhang@linux.alibaba.com>
Date: Thu, 14 Dec 2023 11:08:34 +0800
From: Tianjia Zhang <tianjia.zhang@...ux.alibaba.com>
To: Herbert Xu <herbert@...dor.apana.org.au>,
"David S. Miller" <davem@...emloft.net>,
Mimi Zohar <zohar@...ux.ibm.com>, linux-crypto@...r.kernel.org,
linux-kernel@...r.kernel.org
Cc: Tianjia Zhang <tianjia.zhang@...ux.alibaba.com>
Subject: [PATCH] crypto: lib/mpi - Fix unexpected pointer access
When the mpi_ec_ctx structure is initialized, some fields are not
cleared, causing a crash when referencing the field when the
structure was released. Initially, this issue was ignored because
memory for mpi_ec_ctx is allocated with the __GFP_ZERO flag.
For example, this error will be triggered when calculating the
Za value for SM2 separately.
Fixes: d58bb7e55a8a ("lib/mpi: Introduce ec implementation to MPI library")
Cc: stable@...r.kernel.org # v6.5
Signed-off-by: Tianjia Zhang <tianjia.zhang@...ux.alibaba.com>
---
lib/crypto/mpi/ec.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/lib/crypto/mpi/ec.c b/lib/crypto/mpi/ec.c
index 40f5908e57a4..e16dca1e23d5 100644
--- a/lib/crypto/mpi/ec.c
+++ b/lib/crypto/mpi/ec.c
@@ -584,6 +584,9 @@ void mpi_ec_init(struct mpi_ec_ctx *ctx, enum gcry_mpi_ec_models model,
ctx->a = mpi_copy(a);
ctx->b = mpi_copy(b);
+ ctx->d = NULL;
+ ctx->t.two_inv_p = NULL;
+
ctx->t.p_barrett = use_barrett > 0 ? mpi_barrett_init(ctx->p, 0) : NULL;
mpi_ec_get_reset(ctx);
--
2.24.3 (Apple Git-128)
Powered by blists - more mailing lists