Re: [PATCH] crypto: fix uninit-value in af_alg_free_resources

Hi David,

David Howells <dhowells@xxxxxxxxxx> says:
> Pavel Skripkin <paskripkin@xxxxxxxxx> wrote:
> 
> > Syzbot was able to trigger use of uninitialized memory in
> > af_alg_free_resources.
> > 
> > The bug is caused by missing initialization of rsgl->sgl.need_unpin before
> > adding to rsgl_list. Then in case of extract_iter_to_sg() failure, rsgl
> > is left with uninitialized need_unpin which is read during cleanup.
> 
> Looks feasible :-).
> 
> > +		rsgl->sgl.need_unpin = 0;
> > +
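Review bot: the hunk initialises a bool field with the integer `0` and adds a blank `+` line that carries nothing; `rsgl->sgl.need_unpin = false;` on its own is the idiomatic form. More importantly, the value written here is only a placeholder for the assignment `rsgl->sgl.need_unpin = iov_iter_extract_will_pin(&msg->msg_iter);` that the review quotes, so hoisting that assignment above the list insertion gives the field its final value before af_alg_free_resources() can observe it on the extract_iter_to_sg() failure path, and removes the need for a temporary `false` that is later overwritten. If the placeholder is kept instead, it is correct only because nothing has been pinned yet when extract_iter_to_sg() fails, which is worth stating in a one-line comment next to it.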
> 
> The blank line isn't really necessary and it's a bool, so can you use 'false'
> rather than '0'?
> 
> Alternatively, it might be better to move:
> 
> 		rsgl->sgl.need_unpin =
> 			iov_iter_extract_will_pin(&msg->msg_iter);
> 
> up instead.


Thank you for the review! I've just posted v2 :)



With regards,
Pavel Skripkin
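The bug class discussed in this thread (an object linked into a list that cleanup walks, with one field still uninitialised when an error path runs the cleanup) is easy to reproduce outside the kernel. The following is an added userspace model written for this page; it is not code from crypto/af_alg.c, and every name in it (sgl_entry, ctx, alloc_entry_dirty, extract_to_sg, receive, free_resources, recv_then_cleanup) is a hypothetical stand-in for the af_alg structures and helpers. The "dirty" allocator fills the struct with 0x01 bytes instead of random garbage so that the bool field holds a valid representation and the run is deterministic; the unfixed variant queues the entry with need_unpin untouched and writes it only after a successful extraction, the fixed variant computes it from the iterator before queuing, as the review suggests.

```c
/* Added example, not kernel code: a userspace model of the
 * "queued before initialised" bug discussed in this thread. All names
 * below are hypothetical stand-ins for the af_alg structures and helpers. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct sgl_entry {
    struct sgl_entry *next;
    int npages;         /* pages extracted into this entry (set before queuing) */
    bool need_unpin;    /* the kernel field is a bool too: must cleanup unpin? */
};

struct ctx {
    struct sgl_entry *list;   /* models ctx->rsgl_list */
};

/* Models an allocation from a slab that still holds old data. The bytes are
 * 0x01 rather than random so that the bool reads as a valid 'true' and the
 * result is deterministic (a real slab would hold whatever was freed last). */
static struct sgl_entry *alloc_entry_dirty(void)
{
    struct sgl_entry *e = malloc(sizeof(*e));
    if (e)
        memset(e, 0x01, sizeof(*e));
    return e;
}

/* Models extract_iter_to_sg(): either records the extracted pages or fails
 * with nothing pinned at all. */
static int extract_to_sg(struct sgl_entry *e, bool will_pin, bool fail)
{
    if (fail)
        return -EFAULT;
    e->npages = will_pin ? 1 : 0;
    return 0;
}

/* One receive path. Unfixed: the entry is queued with need_unpin untouched
 * and only written after a successful extraction (the late assignment the
 * review quotes). Fixed: need_unpin is computed before queuing. */
static int receive(struct ctx *c, bool will_pin, bool fail, bool fixed)
{
    struct sgl_entry *e = alloc_entry_dirty();
    int err;

    if (!e)
        return -ENOMEM;
    e->npages = 0;
    if (fixed)
        e->need_unpin = will_pin;   /* final value known before insertion */
    e->next = c->list;
    c->list = e;                    /* from here free_resources() sees e */

    err = extract_to_sg(e, will_pin, fail);
    if (err < 0)
        return err;                 /* caller runs free_resources() on error */
    e->need_unpin = will_pin;       /* unfixed variant's only write, never reached on error */
    return 0;
}

/* Models af_alg_free_resources(): walks the list and reads need_unpin for
 * every entry. Returns how many entries took the unpin branch, which is the
 * decision driven by the possibly uninitialised field. */
static int free_resources(struct ctx *c)
{
    struct sgl_entry *e, *n;
    int unpin_branches = 0;

    for (e = c->list; e; e = n) {
        n = e->next;
        if (e->need_unpin)          /* the read syzbot flagged in the unfixed path */
            unpin_branches++;       /* here: unpin_user_page() for each of npages */
        free(e);
    }
    c->list = NULL;
    return unpin_branches;
}

/* Run one receive followed by the error/teardown cleanup; returns the count
 * of entries on which the unpin branch was taken. */
int recv_then_cleanup(bool will_pin, bool fail, bool fixed)
{
    struct ctx c = { .list = NULL };

    receive(&c, will_pin, fail, fixed);
    return free_resources(&c);
}

int main(void)
{
    printf("unfixed, extract fails, nothing pinned: unpin branch taken %d time(s)\n",
           recv_then_cleanup(false, true, false));   /* 1: stale byte read as true */
    printf("fixed,   extract fails, nothing pinned: unpin branch taken %d time(s)\n",
           recv_then_cleanup(false, true, true));    /* 0 */
    printf("fixed,   extract ok,    page pinned:    unpin branch taken %d time(s)\n",
           recv_then_cleanup(true, false, true));    /* 1 */
    return 0;
}
```

The first case is the reported bug: nothing was pinned, yet cleanup decides to unpin because the only thing it can consult is whatever the allocation happened to contain. If you drop the memset from alloc_entry_dirty and run the unfixed case under valgrind or clang's MemorySanitizer, the conditional on need_unpin is reported as a branch on uninitialised memory, which is the same class of report KMSAN produced for syzbot.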