From: Pierre <pinaraf@pinaraf.info>
To: linux-crypto@vger.kernel.org
Cc: davem@davemloft.net, herbert@gondor.apana.org.au
Subject: PATCH : Fix NULL pointer dereference on no default_rng
Date: Sun, 12 Nov 2017 14:30:29 +0100 [thread overview]
Message-ID: <2266358.Kig6R46j1N@peanuts2> (raw)
[-- Attachment #1.1: Type: text/plain, Size: 414 bytes --]
Hi
The attached patch fixes a kernel panic on boot on my current system that
occurs since kernel 4.13 (and is still happening with 4.14-rc7).
crypto_get_default_rng() likely returns an error, and ecc_gen_privkey ignore
that error. Thus when it later uses the default_rng, a null pointer
dereference occurs.
This patch just sends an error as was likely intended in the original code.
Thanks
Pierre Ducroquet
[-- Attachment #1.2: 0001-Fix-NULL-pointer-deref.-on-no-default_rng.patch --]
[-- Type: text/x-patch, Size: 1113 bytes --]
From=2040d1addfa5cfeb0b93cec333f35e39900216ddb6 Mon Sep 17 00:00:00 2001
From: Pierre Ducroquet <pinaraf@pinaraf.info>
Date: Sun, 12 Nov 2017 14:18:47 +0100
Subject: [PATCH] Fix NULL pointer deref. on no default_rng
If crypto_get_default_rng returns an error, the
function ecc_gen_privkey should return an error.
Instead, it currently tries to use the default_rng
nevertheless, thus creating a kernel panic with a
NULL pointer dereference.
Returning the error directly, as was supposedly
intended when looking at the code, fixes this.
Signed-off-by: Pierre Ducroquet <pinaraf@pinaraf.info>
---
crypto/ecc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/ecc.c b/crypto/ecc.c
index 633a9bcdc574..18f32f2a5e1c 100644
--- a/crypto/ecc.c
+++ b/crypto/ecc.c
@@ -964,7 +964,7 @@ int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits, u64 *privkey)
* DRBG with a security strength of 256.
*/
if (crypto_get_default_rng())
- err = -EFAULT;
+ return -EFAULT;
err = crypto_rng_get_bytes(crypto_default_rng, (u8 *)priv, nbytes);
crypto_put_default_rng();
--
2.15.0
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next reply other threads:[~2017-11-12 13:30 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-12 13:30 Pierre [this message]
2017-11-12 13:55 ` PATCH : Fix NULL pointer dereference on no default_rng PrasannaKumar Muralidharan
2017-11-12 14:11 ` Pierre
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2266358.Kig6R46j1N@peanuts2 \
--to=pinaraf@pinaraf.info \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.