On Mon, Feb 5, 2018 at 1:06 PM, Chengguang Xu <cgxu519@xxxxxxxxxx> wrote:
>
>
> Thanks,
> Chengguang.
>
>
>
>> 在 2018年2月5日,下午7:51,Ilya Dryomov <idryomov@xxxxxxxxx> 写道:
>>
>> On Sun, Feb 4, 2018 at 11:08 AM, Chengguang Xu <cgxu519@xxxxxxxxxx> wrote:
>>> There are many reasons of failure from get_secret(),
>>> so it's necessary to add a check before calling crypto_free_skcipher()
>>> in case of NULL pointer dereference.
>>>
>>> Signed-off-by: Chengguang Xu <cgxu519@xxxxxxxxxx>
>>> ---
>>> net/ceph/crypto.c | 6 ++++--
>>> 1 file changed, 4 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/net/ceph/crypto.c b/net/ceph/crypto.c
>>> index bf9d079..bb1dc2d 100644
>>> --- a/net/ceph/crypto.c
>>> +++ b/net/ceph/crypto.c
>>> @@ -136,8 +136,10 @@ void ceph_crypto_key_destroy(struct ceph_crypto_key *key)
>>> if (key) {
>>> kfree(key->key);
>>> key->key = NULL;
>>> - crypto_free_skcipher(key->tfm);
>>> - key->tfm = NULL;
>>> + if (key->tfm) {
>>> + crypto_free_skcipher(key->tfm);
>>> + key->tfm = NULL;
>>> + }
>>> }
>>> }
>>
>> Hi Chengguang,
>>
>> crypto_free_skcipher() can handle a NULL pointer just fine:
>>
>> void crypto_destroy_tfm(void *mem, struct crypto_tfm *tfm)
>> {
>> struct crypto_alg *alg;
>>
>> if (unlikely(!mem))
>> return;
>
> Hi Ilya,
>
> How about crypto_skcipher_tfm() in below call stack?
>
> ceph_crypto_key_destroy() -> crypto_free_skcipher() -> crypto_destroy_tfm() -> crypto_skcipher_tfm()
>
> static inline struct crypto_tfm *crypto_skcipher_tfm(
> struct crypto_skcipher *tfm)
> {
> return &tfm->base;
> }
That's an address-of, not a dereference. When tfm is NULL, the result
is the offset of base in crypto_skcipher.
Thanks,
Ilya
--
To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
