On Fri, Oct 09, 2015 at 11:29:44AM +0100, Russell King wrote:
> If the algorithm passed a zero statesize, do not pass a valid pointer
> into the export/import functions. Passing a valid pointer covers up
> bugs in driver code which then go on to smash the kernel stack.
> Instead, pass NULL, which will cause any attempt to write to the
> pointer to fail.
>
> Signed-off-by: Russell King <rmk+kernel@xxxxxxxxxxxxxxxx>

The state size should never be zero for a hash algorithm. Having
a zero state means that the hash output must always be identical.
Such an algorithm would be quite useless.

So how about adding a check upon hash registration to verify that
the state size is greater than zero? The place to do it would be
shash_prepare_alg and ahash_prepare_alg.

Thanks,
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
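The registration-time check suggested in the reply above, sketched as a userspace model. This is an added example, not code from the thread or from the kernel. The `model_*` names, `MODEL_STATE_MAX` and the 32-byte demo state are hypothetical and stand in for the real `shash_prepare_alg` / `ahash_prepare_alg` hooks.

```c
/* Userspace model of a registration-time statesize check (not kernel code). */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MODEL_STATE_MAX 512  /* assumed cap for this model only */

struct model_hash_alg {
    const char *name;
    size_t statesize;              /* bytes the driver's export writes */
    int (*export_state)(void *out);
};

/* Hypothetical stand-in for the check suggested for the *_prepare_alg hooks. */
int model_prepare_alg(const struct model_hash_alg *alg)
{
    if (!alg->export_state)
        return -EINVAL;
    if (alg->statesize == 0 || alg->statesize > MODEL_STATE_MAX)
        return -EINVAL;   /* refuse the driver before any caller can use it */
    return 0;
}

/* Constructed driver callback: always writes 32 bytes of state. */
static int demo_export(void *out)
{
    memset(out, 0xA5, 32);
    return 0;
}

/* Driver that forgot to declare its state size (the bug class in the thread). */
const struct model_hash_alg model_buggy = { "demo-buggy", 0, demo_export };
/* Same driver with the size declared correctly. */
const struct model_hash_alg model_fixed = { "demo-fixed", 32, demo_export };

/* Export into a caller buffer sized from the declared statesize. */
int model_export(const struct model_hash_alg *alg, unsigned char *buf, size_t len)
{
    if (model_prepare_alg(alg) != 0 || len < alg->statesize)
        return -EINVAL;
    return alg->export_state(buf);
}

int main(void)
{
    unsigned char state[32];
    printf("buggy: %d\n", model_prepare_alg(&model_buggy));
    printf("fixed: %d\n", model_export(&model_fixed, state, sizeof(state)));
    return 0;
}
```

Rejecting the zero-size driver at registration means the mismatch between declared and written state surfaces as a load-time error rather than as a write past a caller's buffer.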