On Monday, 14 August 2017, 14:25:49 CEST, Plauth, Max wrote:

Hi Max,

> Dear linux-crypto community,
>
> I think I might have run into a bug in crypto/scatterwalk.c:
> - at the end of scatterwalk_pagedone, sg_next(walk->sg) is fed as an
>   argument to scatterwalk_start(...)
> - sg_next (lib/scatterlist.c) returns NULL in the case of sg_is_last(sg)
> - In this case, NULL is being fed into scatterwalk_start
> - there, a NULL value of *sg leads to a NULL pointer dereference:
>   walk->sg = sg;
>   walk->offset = sg->offset;
>
> I stumbled across this issue when I tried to extend the cryptodev-linux
> Kernel module with support for compression algorithms
> (https://github.com/plauth/cryptodev-linux).

You are quite right that this looks like a null pointer. But you should never run into this problem because the scatterwalk length definition should ensure that this never happens. I.e. the scatterwalk length should not be longer than the underlying SGL.

Thus, the bug you report is rather a bug in the scatterlist / scatterwalk length definition.

Ciao
Stephan
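Added example, not part of the e-mail above and not kernel code: a simplified userspace C model of the situation discussed in the thread, showing that a walk only runs past the last entry when the requested length exceeds the sum of the entry lengths, and the caller-side length check that prevents it. The names `sg_model`, `sg_model_next`, `sg_model_total`, `walk_model` and `length_fits` are hypothetical, and the two-entry list is constructed.

```c
#include <stddef.h>

/* Userspace stand-in for a scatterlist entry (hypothetical, not the kernel struct). */
struct sg_model {
    unsigned int offset;
    unsigned int length;
    int last;                       /* models sg_is_last() */
};

/* Models sg_next(): returns NULL after the last entry. */
static struct sg_model *sg_model_next(struct sg_model *sg)
{
    return sg->last ? NULL : sg + 1;
}

/* Sum of the entry lengths: the most a walk over this list may cover. */
static size_t sg_model_total(struct sg_model *sg)
{
    size_t total = 0;
    for (; sg != NULL; sg = sg_model_next(sg))
        total += sg->length;
    return total;
}

/* Walk nbytes across the list, moving to the next entry whenever the current
 * one is used up and bytes remain. Returns 0 if the walk stays inside the
 * list, -1 if it would need an entry past the last one (the NULL case). */
static int walk_model(struct sg_model *sg, size_t nbytes)
{
    while (nbytes > 0) {
        if (sg == NULL)
            return -1;              /* a walk started on NULL would dereference it */
        size_t step = nbytes < sg->length ? nbytes : sg->length;
        nbytes -= step;
        if (nbytes > 0)
            sg = sg_model_next(sg);
    }
    return 0;
}

/* Caller-side check: the walk length must not be longer than the list. */
static int length_fits(struct sg_model *sg, size_t nbytes)
{
    return nbytes <= sg_model_total(sg);
}

/* Constructed sample: two entries, 16 + 32 = 48 bytes. */
static struct sg_model sample[2] = { { 0, 16, 0 }, { 0, 32, 1 } };
int main(void) { return (length_fits(sample, 48) && walk_model(sample, 49) == -1) ? 0 : 1; }
```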