[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PULL v1 2/2] crypto: afalg: fix a NULL pointer dereference
From: |
Daniel P. Berrange |
Subject: |
[Qemu-devel] [PULL v1 2/2] crypto: afalg: fix a NULL pointer dereference |
Date: |
Wed, 8 Nov 2017 13:36:12 +0000 |
From: Longpeng <address@hidden>
Test-crypto-hash calls qcrypto_hash_bytesv/digest/base64 with
errp=NULL, this will cause a NULL pointer dereference if afalg_driver
doesn't support requested algos:
ret = qcrypto_hash_afalg_driver.hash_bytesv(alg, iov, niov,
result, resultlen,
errp);
if (ret == 0) {
return ret;
}
error_free(*errp); // <--- here
Because the error message is thrown away immediately, we should
just pass NULL to hash_bytesv(). There is also the same problem in
afalg-backend cipher & hmac, let's fix them together.
Reviewed-by: Eric Blake <address@hidden>
Reported-by: Paolo Bonzini <address@hidden>
Signed-off-by: Longpeng <address@hidden>
Signed-off-by: Daniel P. Berrange <address@hidden>
---
crypto/cipher.c | 5 +----
crypto/hash.c | 13 +++++--------
crypto/hmac.c | 4 +---
3 files changed, 7 insertions(+), 15 deletions(-)
diff --git a/crypto/cipher.c b/crypto/cipher.c
index 0aad9d6d79..bcbfb3d5b8 100644
--- a/crypto/cipher.c
+++ b/crypto/cipher.c
@@ -164,11 +164,10 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm
alg,
{
QCryptoCipher *cipher;
void *ctx = NULL;
- Error *err2 = NULL;
QCryptoCipherDriver *drv = NULL;
#ifdef CONFIG_AF_ALG
- ctx = qcrypto_afalg_cipher_ctx_new(alg, mode, key, nkey, &err2);
+ ctx = qcrypto_afalg_cipher_ctx_new(alg, mode, key, nkey, NULL);
if (ctx) {
drv = &qcrypto_cipher_afalg_driver;
}
@@ -177,12 +176,10 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm
alg,
if (!ctx) {
ctx = qcrypto_cipher_ctx_new(alg, mode, key, nkey, errp);
if (!ctx) {
- error_free(err2);
return NULL;
}
drv = &qcrypto_cipher_lib_driver;
- error_free(err2);
}
cipher = g_new0(QCryptoCipher, 1);
diff --git a/crypto/hash.c b/crypto/hash.c
index ac59c63d5f..8dab25d9ea 100644
--- a/crypto/hash.c
+++ b/crypto/hash.c
@@ -48,19 +48,16 @@ int qcrypto_hash_bytesv(QCryptoHashAlgorithm alg,
{
#ifdef CONFIG_AF_ALG
int ret;
-
+ /*
+ * TODO:
+ * Maybe we should treat some afalg errors as fatal
+ */
ret = qcrypto_hash_afalg_driver.hash_bytesv(alg, iov, niov,
result, resultlen,
- errp);
+ NULL);
if (ret == 0) {
return ret;
}
-
- /*
- * TODO:
- * Maybe we should treat some afalg errors as fatal
- */
- error_free(*errp);
#endif
return qcrypto_hash_lib_driver.hash_bytesv(alg, iov, niov,
diff --git a/crypto/hmac.c b/crypto/hmac.c
index 82b0055adf..f6c2d8db60 100644
--- a/crypto/hmac.c
+++ b/crypto/hmac.c
@@ -90,11 +90,10 @@ QCryptoHmac *qcrypto_hmac_new(QCryptoHashAlgorithm alg,
{
QCryptoHmac *hmac;
void *ctx = NULL;
- Error *err2 = NULL;
QCryptoHmacDriver *drv = NULL;
#ifdef CONFIG_AF_ALG
- ctx = qcrypto_afalg_hmac_ctx_new(alg, key, nkey, &err2);
+ ctx = qcrypto_afalg_hmac_ctx_new(alg, key, nkey, NULL);
if (ctx) {
drv = &qcrypto_hmac_afalg_driver;
}
@@ -107,7 +106,6 @@ QCryptoHmac *qcrypto_hmac_new(QCryptoHashAlgorithm alg,
}
drv = &qcrypto_hmac_lib_driver;
- error_free(err2);
}
hmac = g_new0(QCryptoHmac, 1);
--
2.13.6