Re: [PATCH] crypto: ccree: Fix use after free in cc_cipher_exit()

From: Herbert Xu
Date: Tue Mar 08 2022 - 22:22:09 EST

Next message: Herbert Xu: "Re: [PATCH] crypto: marvell/octeontx - Use swap() instead of open coding it"
Previous message: Herbert Xu: "Re: [PATCH] ccp: ccp_dmaengine_unregister release dma channels"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Mar 03, 2022 at 10:23:37AM +0800, Jianglei Nie wrote:
> kfree_sensitive(ctx_p->user.key) will free the ctx_p->user.key. But
> ctx_p->user.key is still used in the next line, which will lead to a
> use after free.
>
> We can call kfree_sensitive() after dev_dbg() to avoid the uaf.
>
> Signed-off-by: Jianglei Nie <niejianglei2021@xxxxxxx>
> ---
> drivers/crypto/ccree/cc_cipher.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)

Patch applied. Thanks.
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Next message: Herbert Xu: "Re: [PATCH] crypto: marvell/octeontx - Use swap() instead of open coding it"
Previous message: Herbert Xu: "Re: [PATCH] ccp: ccp_dmaengine_unregister release dma channels"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]