Hi The attached patch fixes a kernel panic on boot on my current system that occurs since kernel 4.13 (and is still happening with 4.14-rc7). crypto_get_default_rng() likely returns an error, and ecc_gen_privkey ignore that error. Thus when it later uses the default_rng, a null pointer dereference occurs. This patch just sends an error as was likely intended in the original code. Thanks Pierre Ducroquet
From 40d1addfa5cfeb0b93cec333f35e39900216ddb6 Mon Sep 17 00:00:00 2001 From: Pierre Ducroquet <pinaraf@xxxxxxxxxxxx> Date: Sun, 12 Nov 2017 14:18:47 +0100 Subject: [PATCH] Fix NULL pointer deref. on no default_rng If crypto_get_default_rng returns an error, the function ecc_gen_privkey should return an error. Instead, it currently tries to use the default_rng nevertheless, thus creating a kernel panic with a NULL pointer dereference. Returning the error directly, as was supposedly intended when looking at the code, fixes this. Signed-off-by: Pierre Ducroquet <pinaraf@xxxxxxxxxxxx> --- crypto/ecc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/ecc.c b/crypto/ecc.c index 633a9bcdc574..18f32f2a5e1c 100644 --- a/crypto/ecc.c +++ b/crypto/ecc.c @@ -964,7 +964,7 @@ int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits, u64 *privkey) * DRBG with a security strength of 256. */ if (crypto_get_default_rng()) - err = -EFAULT; + return -EFAULT; err = crypto_rng_get_bytes(crypto_default_rng, (u8 *)priv, nbytes); crypto_put_default_rng(); -- 2.15.0
Attachment:
signature.asc
Description: This is a digitally signed message part.