| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <e5a3f28ec5cf426998f00083ec4f1f58@omp.ru> Date: Thu, 21 Mar 2024 12:01:02 +0000 From: Roman Smirnov <r.smirnov@....ru> To: Herbert Xu <herbert@...dor.apana.org.au> CC: "David S. Miller" <davem@...emloft.net>, Sergey Shtylyov <s.shtylyov@....ru>, Karina Yankevich <k.yankevich@....ru>, "linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "lvc-project@...uxtesting.org" <lvc-project@...uxtesting.org> Subject: Re: [PATCH] crypto: ecc: fix NULL pointer dereferencing in ecc_gen_privkey() On Thu, 21 Mar 2024 17:54:44 +0800, Herbert Xu wrote: > On Thu, Mar 07, 2024 at 10:13:18AM +0300, Roman Smirnov wrote: > > ecc_get_curve() can return NULL. It is necessary to check > > for NULL before dereferencing. > > > > Found by Linux Verification Center (linuxtesting.org) with Svace. > > > > Signed-off-by: Roman Smirnov <r.smirnov@....ru> > > Reviewed-by: Sergey Shtylyov <s.shtylyov@....ru> > > --- > > crypto/ecc.c | 7 ++++++- > > 1 file changed, 6 insertions(+), 1 deletion(-) > > Please point me to the exact code path where this can happen. I didn't find a specific path. Several places in the file have this check: ecc_make_pub_key() crypto_ecdh_shared_secret() I thought it was needed in this place too.
Powered by blists - more mailing lists