Re: [PATCH] crypto: essiv - Handle EBUSY correctly

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 13 Jan 2023 at 11:24, Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote:
>
> As it is essiv only handles the special return value of EINPROGERSS,
> which means that in all other cases it will free data related to the
> request.
>
> However, as the caller of essiv may specify MAY_BACKLOG, we also need
> to expect EBUSY and treat it in the same way.  Otherwise backlogged
> requests will trigger a use-after-free.
>
> Fixes: be1eb7f78aa8 ("crypto: essiv - create wrapper template...")
> Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>

Acked-by: Ard Biesheuvel <ardb@xxxxxxxxxx>

>
> diff --git a/crypto/essiv.c b/crypto/essiv.c
> index e33369df9034..307eba74b901 100644
> --- a/crypto/essiv.c
> +++ b/crypto/essiv.c
> @@ -171,7 +171,12 @@ static void essiv_aead_done(struct crypto_async_request *areq, int err)
>         struct aead_request *req = areq->data;
>         struct essiv_aead_request_ctx *rctx = aead_request_ctx(req);
>
> +       if (err == -EINPROGRESS)
> +               goto out;
> +
>         kfree(rctx->assoc);
> +
> +out:
>         aead_request_complete(req, err);
>  }
>
> @@ -247,7 +252,7 @@ static int essiv_aead_crypt(struct aead_request *req, bool enc)
>         err = enc ? crypto_aead_encrypt(subreq) :
>                     crypto_aead_decrypt(subreq);
>
> -       if (rctx->assoc && err != -EINPROGRESS)
> +       if (rctx->assoc && err != -EINPROGRESS && err != -EBUSY)
>                 kfree(rctx->assoc);
>         return err;
>  }
> --
> Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]
  Powered by Linux