There are corner cases where skcipher_walk_aead_encrypt() may be invoked with a zero sized input, which is not rejected by the walker code, but results in the skcipher_walk structure to not be fully initialized. This will leave stale values in its page and buffer members, which will be subsequently passed to kfree() or free_page() by skcipher_walk_done(), resulting in a crash if those routines fail to identify them as in valid inputs. Fix this by setting page and buffer to NULL even if the size of the input is zero. Note that for AEAD encryption in particular, a zero sized input could be a valid and meaningful use of the API, given the support for associated authenticated data (AAD), which gets reflected in the authentication tag as well. For symmetry, apply the same fix to the plain skcipher walker code, even though in that case, no meaningful usage scenarios are known for zero sized inputs. Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx> --- crypto/skcipher.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/crypto/skcipher.c b/crypto/skcipher.c index a15376245416..ed2deb031742 100644 --- a/crypto/skcipher.c +++ b/crypto/skcipher.c @@ -455,6 +455,8 @@ static int skcipher_walk_skcipher(struct skcipher_walk *walk, walk->nbytes = 0; walk->iv = req->iv; walk->oiv = req->iv; + walk->buffer = NULL; + walk->page = NULL; if (unlikely(!walk->total)) return 0; @@ -511,6 +513,8 @@ static int skcipher_walk_aead_common(struct skcipher_walk *walk, walk->nbytes = 0; walk->iv = req->iv; walk->oiv = req->iv; + walk->buffer = NULL; + walk->page = NULL; if (unlikely(!walk->total)) return 0; -- 2.20.1