Re: [PATCH] crypto: fix uninit-value in af_alg_free_resources

From: David Howells
Date: Mon Aug 14 2023 - 04:28:21 EST

Next message: Hans de Goede: "Re: [PATCH] watchdog: simatic: add PCI dependency"
Previous message: Zhang, Rui: "Re: [patch V3 27/40] x86/cpu: Provide a sane leaf 0xb/0x1f parser"
In reply to: Pavel Skripkin: "[PATCH] crypto: fix uninit-value in af_alg_free_resources"
Next in thread: Pavel Skripkin: "Re: [PATCH] crypto: fix uninit-value in af_alg_free_resources"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Pavel Skripkin <paskripkin@xxxxxxxxx> wrote:

> Syzbot was able to trigger use of uninitialized memory in
> af_alg_free_resources.
>
> Bug is caused by missing initialization of rsgl->sgl.need_unpin before
> adding to rsgl_list. Then in case of extract_iter_to_sg() failure, rsgl
> is left with uninitialized need_unpin which is read during clean up

Looks feasible :-).

> + rsgl->sgl.need_unpin = 0;
> +

The blank line isn't really necessary and it's a bool, so can you use 'false'
rather than '0'?

Alternatively, it might be better to move:

rsgl->sgl.need_unpin =
iov_iter_extract_will_pin(&msg->msg_iter);

up instead.

David

Next message: Hans de Goede: "Re: [PATCH] watchdog: simatic: add PCI dependency"
Previous message: Zhang, Rui: "Re: [patch V3 27/40] x86/cpu: Provide a sane leaf 0xb/0x1f parser"
In reply to: Pavel Skripkin: "[PATCH] crypto: fix uninit-value in af_alg_free_resources"
Next in thread: Pavel Skripkin: "Re: [PATCH] crypto: fix uninit-value in af_alg_free_resources"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]