Re: Bug somewhere in crypto or ipsec stuff

From: YOSHIFUJI Hideaki / 吉藤英明
Date: Thu Oct 30 2003 - 00:27:24 EST

Next message: Jeff Garzik: "Re: Things that Longhorn seems to be doing right"
Previous message: Kristofer T. Karas: "Re: RadeonFB [Re: 2.4.23pre8 - ACPI Kernel Panic on boot]"
In reply to: James Morris: "Re: Bug somewhere in crypto or ipsec stuff"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In article <Xine.LNX.4.44.0310292344530.23580-100000@xxxxxxxxxxxxxxxxxxxxxxxx> (at Wed, 29 Oct 2003 23:47:05 -0500 (EST)), James Morris <jmorris@xxxxxxxxxx> says:

> > Do you mean that we need to fix the caller?
>
> Yes.

> > - crypto allows name == NULL, and return any algorithm
> > (for example, an algorithm that we see first.)
> > - caller may filter name == NULL case if it is ambiguous in their context.
>
> I think that could be dangerous, including if calling with null is a
> bug, and they get an inappropriate algorithm. An incorrect algorithm type
> could also be returned (e.g. digest instead of a cipher).

okay. how about this?

===== crypto/api.c 1.30 vs edited =====
--- 1.30/crypto/api.c Sat Mar 29 20:16:58 2003
+++ edited/crypto/api.c Thu Oct 30 14:21:53 2003
@@ -36,6 +36,9 @@
struct crypto_alg *crypto_alg_lookup(const char *name)
{
struct crypto_alg *q, *alg = NULL;
+
+ if (!name)
+ return NULL;

down_read(&crypto_alg_sem);

===== net/ipv4/ipcomp.c 1.16 vs edited =====
--- 1.16/net/ipv4/ipcomp.c Mon Aug 18 20:14:38 2003
+++ edited/net/ipv4/ipcomp.c Thu Oct 30 14:18:49 2003
@@ -360,7 +360,12 @@
ipcd->scratch = kmalloc(IPCOMP_SCRATCH_SIZE, GFP_KERNEL);
if (!ipcd->scratch)
goto error;
-
+
+ if (!x->calg->alg_name) {
+ err = -EINVAL;
+ goto error;
+ }
+
ipcd->tfm = crypto_alloc_tfm(x->calg->alg_name, 0);
if (!ipcd->tfm)
goto error;
===== net/ipv6/ipcomp6.c 1.7 vs edited =====
--- 1.7/net/ipv6/ipcomp6.c Mon Aug 18 20:14:38 2003
+++ edited/net/ipv6/ipcomp6.c Thu Oct 30 14:18:49 2003
@@ -293,6 +293,11 @@
if (!ipcd->scratch)
goto error;

+ if (!x->calg->alg_name) {
+ err = -EINVAL;
+ goto error;
+ }
+
ipcd->tfm = crypto_alloc_tfm(x->calg->alg_name, 0);
if (!ipcd->tfm)
goto error;
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jeff Garzik: "Re: Things that Longhorn seems to be doing right"
Previous message: Kristofer T. Karas: "Re: RadeonFB [Re: 2.4.23pre8 - ACPI Kernel Panic on boot]"
In reply to: James Morris: "Re: Bug somewhere in crypto or ipsec stuff"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]