On Mon, Dec 18, 2017 at 11:09:23AM +0000, Li Kun wrote:
> alg_setkey does not check whether the keylen is zero, so the key
> may be ZERO_SIZE_PTR when keylen is 0, which will pass the
> copy_from_user's checking and be passed to the lower functions as key.
>
> If the lower functions only check the key if it is NULL, ZERO_SIZE_PTR
> will pass the checking, and will cause a null ptr dereference, so it's
> better to intercept the invalid parameters in the upper functions.
>
> This patch is also suitable to fix CVE-2017-15116 for stable trees.
>
> Signed-off-by: Li Kun <hw.likun@xxxxxxxxxx>
> ---
>  crypto/af_alg.c | 2 ++
>  1 file changed, 2 insertions(+)

<formletter>

This is not the correct way to submit patches for inclusion in the
stable kernel tree. Please read:
    https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html
for how to do this properly.

</formletter>
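
The ZERO_SIZE_PTR behaviour described in the quoted commit message, as an added user-space C model that is not part of the original thread or the patch. `model_kmalloc`, `lower_setkey`, `upper_setkey` and `REACHED_LOWER` are hypothetical names, and returning `-EINVAL` for a zero keylen is an assumption, since the patch body is not shown here.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Mirrors include/linux/slab.h: kmalloc(0) returns this, not NULL. */
#define ZERO_SIZE_PTR ((void *)16)
#define ZERO_OR_NULL_PTR(x) ((uintptr_t)(x) <= (uintptr_t)ZERO_SIZE_PTR)

#define REACHED_LOWER 1 /* hypothetical marker: lower layer accepted the key */

/* User-space stand-ins for kmalloc()/kfree() (assumed model, not kernel code). */
static void *model_kmalloc(size_t n) { return n ? malloc(n) : ZERO_SIZE_PTR; }
static void model_kfree(void *p) { if (!ZERO_OR_NULL_PTR(p)) free(p); }

/* Hypothetical lower setkey that validates the key with a NULL test only. */
static int lower_setkey(const unsigned char *key, unsigned int keylen)
{
    (void)keylen;
    if (!key)
        return -EINVAL;
    return REACHED_LOWER; /* real code would dereference key at this point */
}

/* Upper layer; check_keylen selects the behaviour with or without the fix. */
static int upper_setkey(unsigned int keylen, int check_keylen)
{
    unsigned char *key;
    int ret;

    if (check_keylen && keylen == 0) /* assumed form of the added check */
        return -EINVAL;
    key = model_kmalloc(keylen);
    if (!key) /* ZERO_SIZE_PTR is non-NULL, so it passes this test */
        return -ENOMEM;
    /* copy_from_user(key, ukey, 0) would copy nothing and report success */
    ret = lower_setkey(key, keylen);
    model_kfree(key);
    return ret;
}

int main(void)
{
    printf("no check,   keylen=0:  %d\n", upper_setkey(0, 0));
    printf("with check, keylen=0:  %d\n", upper_setkey(0, 1));
    printf("with check, keylen=16: %d\n", upper_setkey(16, 1));
    return 0;
}
```

A lower layer that wants to defend itself independently of the caller can test with `ZERO_OR_NULL_PTR(key)` instead of `!key`.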