Patchwork PATCH : Fix NULL pointer dereference on no default_rng

login
register
mail settings
Submitter Pierre
Date Nov. 12, 2017, 1:30 p.m.
Message ID <2266358.Kig6R46j1N@peanuts2>
Download mbox | patch
Permalink /patch/10054791/
State Superseded
Delegated to: Herbert Xu
Headers show

Comments

Pierre - Nov. 12, 2017, 1:30 p.m.
Hi

The attached patch fixes a kernel panic on boot on my current system that 
occurs since kernel 4.13 (and is still happening with 4.14-rc7).
crypto_get_default_rng() likely returns an error, and ecc_gen_privkey ignore 
that error. Thus when it later uses the default_rng, a null pointer 
dereference occurs.
This patch just sends an error as was likely intended in the original code.

Thanks

 Pierre Ducroquet
PrasannaKumar Muralidharan - Nov. 12, 2017, 1:55 p.m.
Would you mind sending the patch using 'git send-email'? Kernel
community does not accept attachments.

Regards,
PrasannaKumar
Pierre - Nov. 12, 2017, 2:11 p.m.
On Sunday, November 12, 2017 7:25:02 PM CET PrasannaKumar Muralidharan wrote:
> Would you mind sending the patch using 'git send-email'? Kernel
> community does not accept attachments.
> 
> Regards,
> PrasannaKumar

Ho my bad, sorry. Doing it right away.

Patch

From=2040d1addfa5cfeb0b93cec333f35e39900216ddb6 Mon Sep 17 00:00:00 2001
From: Pierre Ducroquet <pinaraf@pinaraf.info>
Date: Sun, 12 Nov 2017 14:18:47 +0100
Subject: [PATCH] Fix NULL pointer deref. on no default_rng

If crypto_get_default_rng returns an error, the
function ecc_gen_privkey should return an error.
Instead, it currently tries to use the default_rng
nevertheless, thus creating a kernel panic with a
NULL pointer dereference.
Returning the error directly, as was supposedly
intended when looking at the code, fixes this.

Signed-off-by: Pierre Ducroquet <pinaraf@pinaraf.info>
---
 crypto/ecc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/ecc.c b/crypto/ecc.c
index 633a9bcdc574..18f32f2a5e1c 100644
--- a/crypto/ecc.c
+++ b/crypto/ecc.c
@@ -964,7 +964,7 @@  int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits, u64 *privkey)
 	 * DRBG with a security strength of 256.
 	 */
 	if (crypto_get_default_rng())
-		err = -EFAULT;
+		return -EFAULT;
 
 	err = crypto_rng_get_bytes(crypto_default_rng, (u8 *)priv, nbytes);
 	crypto_put_default_rng();
-- 
2.15.0