| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20250930032824.690214-1-sunyiqixm@gmail.com> Date: Tue, 30 Sep 2025 11:28:24 +0800 From: Dave Sun <sunyiqixm@...il.com> To: herbert@...dor.apana.org.au, davem@...emloft.net Cc: linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org, Dave Sun <sunyiqixm@...il.com> Subject: [PATCH] crypto: fix null-ptr-dereference in rng_setentropy When CONFIG_CRYPTO_USER_API_RNG_CAVP is enable, algif_type_rng->setentropy = rng_setentropy. If we setsockopt on a af_alg socket binding a rng algorithm with ALG_SET_DRBG_ENTROPY opt, kernel will run to ->set_ent in rng_setentropy. Since struct rng_alg like jent_alg dose not set set_ent which default value is 0, null-ptr-dereference will happen. Check ->set_ent before call it. Signed-off-by: Yiqi Sun <sunyiqixm@...il.com> --- crypto/algif_rng.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/crypto/algif_rng.c b/crypto/algif_rng.c index 10c41adac3b1..26a75c54192b 100644 --- a/crypto/algif_rng.c +++ b/crypto/algif_rng.c @@ -303,6 +303,9 @@ static int __maybe_unused rng_setentropy(void *private, sockptr_t entropy, return PTR_ERR(kentropy); } + if (!crypto_rng_alg(pctx->drng)->set_ent) + return -EOPNOTSUPP; + crypto_rng_alg(pctx->drng)->set_ent(pctx->drng, kentropy, len); /* * Since rng doesn't perform any memory management for the entropy -- 2.34.1
Powered by blists - more mailing lists