[PATCH] crypto: ecc: fix NULL pointer dereferencing in ecc_gen_privkey()

From: Roman Smirnov
Date: Thu Mar 07 2024 - 02:14:21 EST

Next message: Mike Rapoport: "Re: [RFC][PATCH 0/4] Make bpf_jit and kprobes work with CONFIG_MODULES=n"
Previous message: Uwe Kleine-König: "Re: [PATCH 2/4] siox: Provide a devm variant of siox_master_alloc()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

ecc_get_curve() can return NULL. It is necessary to check
for NULL before dereferencing.

Found by Linux Verification Center (linuxtesting.org) with Svace.

Signed-off-by: Roman Smirnov <r.smirnov@xxxxxx>
Reviewed-by: Sergey Shtylyov <s.shtylyov@xxxxxx>
---
crypto/ecc.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/crypto/ecc.c b/crypto/ecc.c
index f53fb4d6af99..fd63e354895b 100644
--- a/crypto/ecc.c
+++ b/crypto/ecc.c
@@ -1471,9 +1471,14 @@ int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits, u64 *privkey)
const struct ecc_curve *curve = ecc_get_curve(curve_id);
u64 priv[ECC_MAX_DIGITS];
unsigned int nbytes = ndigits << ECC_DIGITS_TO_BYTES_SHIFT;
- unsigned int nbits = vli_num_bits(curve->n, ndigits);
+ unsigned int nbits;
int err;

+ if (!curve)
+ return -EINVAL;
+
+ nbits = vli_num_bits(curve->n, ndigits);
+
/* Check that N is included in Table 1 of FIPS 186-4, section 6.1.1 */
if (nbits < 160 || ndigits > ARRAY_SIZE(priv))
return -EINVAL;
--
2.34.1

Next message: Mike Rapoport: "Re: [RFC][PATCH 0/4] Make bpf_jit and kprobes work with CONFIG_MODULES=n"
Previous message: Uwe Kleine-König: "Re: [PATCH 2/4] siox: Provide a devm variant of siox_master_alloc()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]