PATCH : Fix NULL pointer dereference on no default_rng

Message ID	2266358.Kig6R46j1N@peanuts2 (mailing list archive)
State	Superseded
Delegated to:	Herbert Xu
Headers	show Return-Path: <linux-crypto-owner@kernel.org> From: Pierre <pinaraf@pinaraf.info> To: linux-crypto@vger.kernel.org Cc: davem@davemloft.net, herbert@gondor.apana.org.au Subject: PATCH : Fix NULL pointer dereference on no default_rng Date: Sun, 12 Nov 2017 14:30:29 +0100 Message-ID: <2266358.Kig6R46j1N@peanuts2> User-Agent: KMail/5.2.3 (Linux/4.12.0-2-amd64; KDE/5.37.0; x86_64; ; ) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart3894775.KXgezVveBg"; micalg="pgp-sha512"; protocol="application/pgp-signature" Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk

Message ID

2266358.Kig6R46j1N@peanuts2 (mailing list archive)

State

Superseded

Delegated to:

Herbert Xu

Headers

From: Pierre <pinaraf@pinaraf.info>
To: linux-crypto@vger.kernel.org
Cc: davem@davemloft.net, herbert@gondor.apana.org.au
Subject: PATCH : Fix NULL pointer dereference on no default_rng
Date: Sun, 12 Nov 2017 14:30:29 +0100
Message-ID: <2266358.Kig6R46j1N@peanuts2>
User-Agent: KMail/5.2.3 (Linux/4.12.0-2-amd64; KDE/5.37.0; x86_64; ; )
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart3894775.KXgezVveBg";
	micalg="pgp-sha512"; protocol="application/pgp-signature"
Sender: linux-crypto-owner@vger.kernel.org
Precedence: bulk

Commit Message

Pierre Nov. 12, 2017, 1:30 p.m. UTC

Hi

The attached patch fixes a kernel panic on boot on my current system that 
occurs since kernel 4.13 (and is still happening with 4.14-rc7).
crypto_get_default_rng() likely returns an error, and ecc_gen_privkey ignore 
that error. Thus when it later uses the default_rng, a null pointer 
dereference occurs.
This patch just sends an error as was likely intended in the original code.

Thanks

 Pierre Ducroquet

Comments

PrasannaKumar Muralidharan Nov. 12, 2017, 1:55 p.m. UTC | #1

Would you mind sending the patch using 'git send-email'? Kernel
community does not accept attachments.

Regards,
PrasannaKumar

Pierre Nov. 12, 2017, 2:11 p.m. UTC | #2

On Sunday, November 12, 2017 7:25:02 PM CET PrasannaKumar Muralidharan wrote:
> Would you mind sending the patch using 'git send-email'? Kernel
> community does not accept attachments.
> 
> Regards,
> PrasannaKumar

Ho my bad, sorry. Doing it right away.

From=2040d1addfa5cfeb0b93cec333f35e39900216ddb6 Mon Sep 17 00:00:00 2001
From: Pierre Ducroquet <pinaraf@pinaraf.info>
Date: Sun, 12 Nov 2017 14:18:47 +0100
Subject: [PATCH] Fix NULL pointer deref. on no default_rng

If crypto_get_default_rng returns an error, the
function ecc_gen_privkey should return an error.
Instead, it currently tries to use the default_rng
nevertheless, thus creating a kernel panic with a
NULL pointer dereference.
Returning the error directly, as was supposedly
intended when looking at the code, fixes this.

Signed-off-by: Pierre Ducroquet <pinaraf@pinaraf.info>
---
 crypto/ecc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/ecc.c b/crypto/ecc.c
index 633a9bcdc574..18f32f2a5e1c 100644
--- a/crypto/ecc.c
+++ b/crypto/ecc.c
@@ -964,7 +964,7 @@  int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits, u64 *privkey)
 	 * DRBG with a security strength of 256.
 	 */
 	if (crypto_get_default_rng())
-		err = -EFAULT;
+		return -EFAULT;
 
 	err = crypto_rng_get_bytes(crypto_default_rng, (u8 *)priv, nbytes);
 	crypto_put_default_rng();
-- 
2.15.0

PATCH : Fix NULL pointer dereference on no default_rng

Commit Message

Comments

Patch