On Tue, Mar 02, 2021 at 09:33:03PM +0100, Ard Biesheuvel wrote: > Given that crypto_alloc_tfm() may return ERR pointers, and to avoid > crashes on obscure error paths where such pointers are presented to > crypto_destroy_tfm() (such as [0]), add an ERR_PTR check there > before dereferencing the second argument as a struct crypto_tfm > pointer. > > [0] https://lore.kernel.org/linux-crypto/000000000000de949705bc59e0f6@xxxxxxxxxx/ > > Reported-by: syzbot+12cf5fbfdeba210a89dd@xxxxxxxxxxxxxxxxxxxxxxxxx > Reviewed-by: Eric Biggers <ebiggers@xxxxxxxxxx> > Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx> > --- > v3: missed crypto_free_shash() in v2 > add Eric's Rb > v2: update kerneldoc comments of callers to crypto_destroy_tfm() that NULL or > error pointers are ignored. > > crypto/api.c | 2 +- > include/crypto/acompress.h | 2 ++ > include/crypto/aead.h | 2 ++ > include/crypto/akcipher.h | 2 ++ > include/crypto/hash.h | 4 ++++ > include/crypto/kpp.h | 2 ++ > include/crypto/rng.h | 2 ++ > include/crypto/skcipher.h | 2 ++ > 8 files changed, 17 insertions(+), 1 deletion(-) Patch applied. Thanks. -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
