SYS-OSS/FRET-qemu
4
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

crypto: afalg: fix a NULL pointer dereference

Browse Source 
Test-crypto-hash calls qcrypto_hash_bytesv/digest/base64 with
errp=NULL, this will cause a NULL pointer dereference if afalg_driver
doesn't support requested algos:

    ret = qcrypto_hash_afalg_driver.hash_bytesv(alg, iov, niov,
                                                result, resultlen,
                                                errp);
    if (ret == 0) {
        return ret;
    }

    error_free(*errp);  // <--- here

Because the error message is thrown away immediately, we should
just pass NULL to hash_bytesv(). There is also the same problem in
afalg-backend cipher & hmac, let's fix them together.

Reviewed-by: Eric Blake <eblake@redhat.com>
Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Longpeng <longpeng2@huawei.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This commit is contained in:
Longpeng 2017-11-07 19:32:06 +08:00 committed by Daniel P. Berrange
parent b417a7624c
commit f1710638ed
3 changed files with 8 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
crypto/cipher.c
View File

@ -164,11 +164,10 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
{ {
QCryptoCipher *cipher; QCryptoCipher *cipher;
void *ctx = NULL; void *ctx = NULL;
Error *err2 = NULL;
QCryptoCipherDriver *drv = NULL; QCryptoCipherDriver *drv = NULL;
#ifdef CONFIG_AF_ALG #ifdef CONFIG_AF_ALG
ctx = qcrypto_afalg_cipher_ctx_new(alg, mode, key, nkey, &err2); ctx = qcrypto_afalg_cipher_ctx_new(alg, mode, key, nkey, NULL);
if (ctx) { if (ctx) {
drv = &qcrypto_cipher_afalg_driver; drv = &qcrypto_cipher_afalg_driver;
} }
@ -177,12 +176,10 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
if (!ctx) { if (!ctx) {
ctx = qcrypto_cipher_ctx_new(alg, mode, key, nkey, errp); ctx = qcrypto_cipher_ctx_new(alg, mode, key, nkey, errp);
if (!ctx) { if (!ctx) {
error_free(err2);
return NULL; return NULL;
} }
drv = &qcrypto_cipher_lib_driver; drv = &qcrypto_cipher_lib_driver;
error_free(err2);
} }
cipher = g_new0(QCryptoCipher, 1); cipher = g_new0(QCryptoCipher, 1);

15
crypto/hash.c
View File

@ -48,19 +48,16 @@ int qcrypto_hash_bytesv(QCryptoHashAlgorithm alg,
{ {
#ifdef CONFIG_AF_ALG #ifdef CONFIG_AF_ALG
int ret; int ret;
ret = qcrypto_hash_afalg_driver.hash_bytesv(alg, iov, niov,
result, resultlen,
errp);
if (ret == 0) {
return ret;
}
/* /*
* TODO: * TODO:
* Maybe we should treat some afalg errors as fatal * Maybe we should treat some afalg errors as fatal
*/ */
error_free(*errp); ret = qcrypto_hash_afalg_driver.hash_bytesv(alg, iov, niov,
result, resultlen,
NULL);
if (ret == 0) {
return ret;
}
#endif #endif
return qcrypto_hash_lib_driver.hash_bytesv(alg, iov, niov, return qcrypto_hash_lib_driver.hash_bytesv(alg, iov, niov,

4
crypto/hmac.c
View File

@ -90,11 +90,10 @@ QCryptoHmac *qcrypto_hmac_new(QCryptoHashAlgorithm alg,
{ {
QCryptoHmac *hmac; QCryptoHmac *hmac;
void *ctx = NULL; void *ctx = NULL;
Error *err2 = NULL;
QCryptoHmacDriver *drv = NULL; QCryptoHmacDriver *drv = NULL;
#ifdef CONFIG_AF_ALG #ifdef CONFIG_AF_ALG
ctx = qcrypto_afalg_hmac_ctx_new(alg, key, nkey, &err2); ctx = qcrypto_afalg_hmac_ctx_new(alg, key, nkey, NULL);
if (ctx) { if (ctx) {
drv = &qcrypto_hmac_afalg_driver; drv = &qcrypto_hmac_afalg_driver;
} }
@ -107,7 +106,6 @@ QCryptoHmac *qcrypto_hmac_new(QCryptoHashAlgorithm alg,
} }
drv = &qcrypto_hmac_lib_driver; drv = &qcrypto_hmac_lib_driver;
error_free(err2);
} }
hmac = g_new0(QCryptoHmac, 1); hmac = g_new0(QCryptoHmac, 1);