Re: [PATCH] crypto: drbg - set freed buffers to NULL

From: Eric Biggers
Date: Wed Apr 11 2018 - 13:29:34 EST

Next message: tj@xxxxxxxxxx: "Re: [PATCH v2] blk-cgroup: remove entries in blkg_tree before queue release"
Previous message: Guenter Roeck: "Re: [PATCH 4.16 00/18] 4.16.2-stable review"
In reply to: Stephan Müller: "[PATCH] crypto: drbg - set freed buffers to NULL"
Next in thread: Stephan Müller: "[PATCH] crypto: drbg - set freed buffers to NULL"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Apr 11, 2018 at 04:31:01PM +0200, Stephan Müller wrote:
> Sorry, this time with the proper subject line.
>
> ---8<---
>
> During freeing of the internal buffers used by the DRBG, set the pointer
> to NULL. It is possible that the context with the freed buffers is
> reused. In case of an error during initialization where the pointers
> do not yet point to allocated memory, the NULL value prevents a double
> free.
>
> Signed-off-by: Stephan Mueller <smueller@xxxxxxxxxx>
> Reported-by: syzbot+75397ee3df5c70164154@xxxxxxxxxxxxxxxxxxxxxxxxx
> ---
> crypto/drbg.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/crypto/drbg.c b/crypto/drbg.c
> index 4faa2781c964..466a112a4446 100644
> --- a/crypto/drbg.c
> +++ b/crypto/drbg.c
> @@ -1134,8 +1134,10 @@ static inline void drbg_dealloc_state(struct drbg_state *drbg)
> if (!drbg)
> return;
> kzfree(drbg->Vbuf);
> + drbg->Vbuf = NULL;
> drbg->V = NULL;
> kzfree(drbg->Cbuf);
> + drbg->Cbuf = NULL;
> drbg->C = NULL;
> kzfree(drbg->scratchpadbuf);
> drbg->scratchpadbuf = NULL;

Can you please add Fixes and Cc stable?

- Eric

Next message: tj@xxxxxxxxxx: "Re: [PATCH v2] blk-cgroup: remove entries in blkg_tree before queue release"
Previous message: Guenter Roeck: "Re: [PATCH 4.16 00/18] 4.16.2-stable review"
In reply to: Stephan Müller: "[PATCH] crypto: drbg - set freed buffers to NULL"
Next in thread: Stephan Müller: "[PATCH] crypto: drbg - set freed buffers to NULL"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]