Hi James, Can you pull these patches please and pass them on to Linus? They include the following: (1) Fix mpi_powm()'s handling of a number with a zero exponent [CVE-2016-8650]. (2) Fix double free in X.509 error handling. Ver #3: - Integrate my and Andrey's patches for mpi_powm() and use mpi_resize() instead of RESIZE_IF_NEEDED() - the latter adds a duplicate check into the execution path of a trivial case we don't normally expect to be taken. Ver #2: - Use RESIZE_IF_NEEDED() to conditionally resize the result rather than manually doing this. The patches can be found here also: http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-fixes Tagged thusly: git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git keys-fixes-20161124-3 David --- Andrey Ryabinin (2): X.509: Fix double free in x509_cert_parse() mpi: Fix NULL ptr dereference in mpi_powm() crypto/asymmetric_keys/x509_cert_parser.c | 1 - lib/mpi/mpi-pow.c | 7 ++++++- 2 files changed, 6 insertions(+), 2 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
