lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1205721.1764376811@warthog.procyon.org.uk>
Date: Sat, 29 Nov 2025 00:40:11 +0000
From: David Howells <dhowells@...hat.com>
To: Christian Brauner <brauner@...nel.org>
cc: dhowells@...hat.com, Paulo Alcantra <pc@...guebit.org>,
    torvalds@...ux-foundation.org,
    syzbot+41c68824eefb67cdf00c@...kaller.appspotmail.com,
    Marc Dionne <marc.dionne@...istor.com>,
    linux-afs@...ts.infradead.org, linux-fsdevel@...r.kernel.org,
    linux-kernel@...r.kernel.org
Subject: [PATCH] afs: Fix uninit var in afs_alloc_anon_key()

Fix an uninitialised variable (key) in afs_alloc_anon_key() by setting it
to cell->anonymous_key.  Without this change, the error check may return a
false failure with a bad error number.

Most of the time this is unlikely to happen because the first encounter
with afs_alloc_anon_key() will usually be from (auto)mount, for which all
subsequent operations must wait - apart from other (auto)mounts.  Once the
call->anonymous_key is allocated, all further calls to afs_request_key()
will skip the call to afs_alloc_anon_key() for that cell.

Fixes: d27c71257825 ("afs: Fix delayed allocation of a cell's anonymous key")
Reported-by: Paulo Alcantra <pc@...guebit.org>
Signed-off-by: David Howells <dhowells@...hat.com>
Reviewed-by: Paulo Alcantara <pc@...guebit.org>
cc: Marc Dionne <marc.dionne@...istor.com>
cc: syzbot+41c68824eefb67cdf00c@...kaller.appspotmail.com
cc: linux-afs@...ts.infradead.org
cc: linux-fsdevel@...r.kernel.org
---
 fs/afs/security.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fs/afs/security.c b/fs/afs/security.c
index ff8830e6982f..55ddce94af03 100644
--- a/fs/afs/security.c
+++ b/fs/afs/security.c
@@ -26,7 +26,8 @@ static int afs_alloc_anon_key(struct afs_cell *cell)
 	struct key *key;
 
 	mutex_lock(&afs_key_lock);
-	if (!cell->anonymous_key) {
+	key = cell->anonymous_key;
+	if (!key) {
 		key = rxrpc_get_null_key(cell->key_desc);
 		if (!IS_ERR(key))
 			cell->anonymous_key = key;

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ