PATCH : Fix NULL pointer dereference on no default_rng

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi

The attached patch fixes a kernel panic on boot on my current system that
occurs since kernel 4.13 (and is still happening with 4.14-rc7).
crypto_get_default_rng() likely returns an error, and ecc_gen_privkey ignore
that error. Thus when it later uses the default_rng, a null pointer
dereference occurs.
This patch just sends an error as was likely intended in the original code.

Thanks

 Pierre Ducroquet
From 40d1addfa5cfeb0b93cec333f35e39900216ddb6 Mon Sep 17 00:00:00 2001
From: Pierre Ducroquet <pinaraf@xxxxxxxxxxxx>
Date: Sun, 12 Nov 2017 14:18:47 +0100
Subject: [PATCH] Fix NULL pointer deref. on no default_rng

If crypto_get_default_rng returns an error, the
function ecc_gen_privkey should return an error.
Instead, it currently tries to use the default_rng
nevertheless, thus creating a kernel panic with a
NULL pointer dereference.
Returning the error directly, as was supposedly
intended when looking at the code, fixes this.

Signed-off-by: Pierre Ducroquet <pinaraf@xxxxxxxxxxxx>
---
 crypto/ecc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/ecc.c b/crypto/ecc.c
index 633a9bcdc574..18f32f2a5e1c 100644
--- a/crypto/ecc.c
+++ b/crypto/ecc.c
@@ -964,7 +964,7 @@ int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits, u64 *privkey)
 	 * DRBG with a security strength of 256.
 	 */
 	if (crypto_get_default_rng())
-		err = -EFAULT;
+		return -EFAULT;

 	err = crypto_rng_get_bytes(crypto_default_rng, (u8 *)priv, nbytes);
 	crypto_put_default_rng();
--
2.15.0

Attachment: signature.asc
Description: This is a digitally signed message part.


[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux