Re: crypto: api - Fix use-after-free and race in crypto_spawn_alg
From: Eric Biggers
Date: Wed Apr 15 2020 - 22:30:06 EST
On Thu, Apr 16, 2020 at 12:25:02PM +1000, Herbert Xu wrote:
> On Wed, Apr 15, 2020 at 07:17:03PM -0700, Eric Biggers wrote:
> >
> > Wouldn't it be a bit simpler to set 'target = NULL', remove 'shoot',
> > and use 'if (target)' instead of 'if (shoot)'?
>
> Yes it is simpler but it's actually semantically different because
> the compiler doesn't know that spawn->alg cannot be NULL in this
> case.
>
I'm not sure what you mean here. crypto_alg_get() is:
static inline struct crypto_alg *crypto_alg_get(struct crypto_alg *alg)
{
refcount_inc(&alg->cra_refcnt);
return alg;
}
So given:
target = crypto_alg_get(alg);
Both alg and target have to be non-NULL.
- Eric