Re: [PATCH] drbd: dynamically allocate shash descriptor

From: Arnd Bergmann
Date: Mon Jun 17 2019 - 16:44:07 EST

Next message: Jaskaran Singh Khurana: "Re: [RFC PATCH v4 1/1] Add dm verity root hash pkcs7 sig validation."
Previous message: Dan Williams: "Re: [PATCH 07/25] memremap: validate the pagemap type passed to devm_memremap_pages"
In reply to: Roland Kammerer: "Re: [PATCH] drbd: dynamically allocate shash descriptor"
Next in thread: Herbert Xu: "Re: [PATCH] drbd: dynamically allocate shash descriptor"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Jun 17, 2019 at 4:36 PM Roland Kammerer
<roland.kammerer@xxxxxxxxxx> wrote:
> > @@ -5572,6 +5579,7 @@ static int drbd_do_auth(struct drbd_connection *connection)
> > kfree(response);
> > kfree(right_response);
> > shash_desc_zero(desc);
> > + kfree(desc);
> >
> > return rv;
> > }
>
> Hi Arnd,
>
> are you sure your cleanup is okay?
>
> > shash_desc_zero(desc);
> > + kfree(desc);
>
> You shash_desc_zero() a potential NULL pointer. memzero_expicit() in the
> function then dereferences it:
>
> memzero_explicit(desc,
> sizeof(*desc) + crypto_shash_descsize(desc->tfm));
>
> Maybe some if (desc) guard?

Good catch. I guess kzfree() would have been the right thing to call.

Arnd

Next message: Jaskaran Singh Khurana: "Re: [RFC PATCH v4 1/1] Add dm verity root hash pkcs7 sig validation."
Previous message: Dan Williams: "Re: [PATCH 07/25] memremap: validate the pagemap type passed to devm_memremap_pages"
In reply to: Roland Kammerer: "Re: [PATCH] drbd: dynamically allocate shash descriptor"
Next in thread: Herbert Xu: "Re: [PATCH] drbd: dynamically allocate shash descriptor"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]