In the following functions: - `ecb_crypt` - `cbc_encrypt` - `cbc_decrypt` `struct skcipher_walk *walk` is not fully initialized before its use. Although the call to `skcipher_walk_virt()` and subsequent functions that this function calls seem to initialize some fields of this struct, there is a chance that `skcipher_walk_virt()` returns without fully clearing or properly initializing the `->flags` field which means that the following flags: `SKCIPHER_WALK_DIFF`, `SKCIPHER_WALK_COPY`, `SKCIPHER_WALK_SLOW` could be storing junk values by the time `skcipher_walk_done()` is called. This could lead to buggy or undefined behaviour since these flags are checked in `skcipher_walk_done()`: ```C int skcipher_walk_done(struct skcipher_walk *walk, int err) { ... if (likely(!(walk->flags & (SKCIPHER_WALK_PHYS | SKCIPHER_WALK_SLOW | SKCIPHER_WALK_COPY | SKCIPHER_WALK_DIFF)))) { ... } ``` To prevent this, this patch ensures that instances of `struct skcipher_walk` are correctly initialized prior to their use. Addresses-Coverity-IDs: 1434673 ("Unintialized scalar variable") Signed-off-by: Yuran Pereira <yuran.pereira@xxxxxxxxxxx> --- arch/x86/crypto/des3_ede_glue.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/crypto/des3_ede_glue.c b/arch/x86/crypto/des3_ede_glue.c index abb8b1fe123b..6f16b09b52fe 100644 --- a/arch/x86/crypto/des3_ede_glue.c +++ b/arch/x86/crypto/des3_ede_glue.c @@ -15,6 +15,7 @@ #include <linux/init.h> #include <linux/module.h> #include <linux/types.h> +#include <linux/string.h> struct des3_ede_x86_ctx { struct des3_ede_ctx enc; @@ -70,6 +71,7 @@ static int ecb_crypt(struct skcipher_request *req, const u32 *expkey) unsigned int nbytes; int err; + memset(&walk, 0, sizeof(walk)); err = skcipher_walk_virt(&walk, req, false); while ((nbytes = walk.nbytes)) { @@ -154,6 +156,7 @@ static int cbc_encrypt(struct skcipher_request *req) unsigned int nbytes; int err; + memset(&walk, 0, sizeof(walk)); err = skcipher_walk_virt(&walk, req, false); while (walk.nbytes) { @@ -233,6 +236,7 @@ static int cbc_decrypt(struct skcipher_request *req) unsigned int nbytes; int err; + memset(&walk, 0, sizeof(walk)); err = skcipher_walk_virt(&walk, req, false); while (walk.nbytes) { -- 2.25.1