2011-06-26 21:33:08

by Jesper Juhl

[permalink] [raw]
Subject: [PATCH] Crypto: Don't use err uninitialized in algif_hash.c:hash_sendmsg()

If af_alg_make_sg() returns <0 in hash_sendmsg() we'll jump to the
'unlock' label without having set 'err' to anything. At the 'unlock'
label the value of 'err' is tested to determine return value of the
function - not good to base that on a uninitialized variable.

This patch sets 'err' to the return value of hash_sendmsg() before the
'goto' when the value is less than zero, which seems to me to be the
proper thing to do.

Signed-off-by: Jesper Juhl <[email protected]>
---
crypto/algif_hash.c | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
index 62122a1..1847544 100644
--- a/crypto/algif_hash.c
+++ b/crypto/algif_hash.c
@@ -68,9 +68,10 @@ static int hash_sendmsg(struct kiocb *unused, struct socket *sock,
int newlen;

newlen = af_alg_make_sg(&ctx->sgl, from, len, 0);
- if (newlen < 0)
+ if (newlen < 0) {
+ err = newlen;
goto unlock;
-
+ }
ahash_request_set_crypt(&ctx->req, ctx->sgl.sg, NULL,
newlen);

--
1.7.5.2


--
Jesper Juhl <[email protected]> http://www.chaosbits.net/
Don't top-post http://www.catb.org/jargon/html/T/top-post.html
Plain text mails only, please.


2011-06-26 23:21:24

by David Miller

[permalink] [raw]
Subject: Re: [PATCH] Crypto: Don't use err uninitialized in algif_hash.c:hash_sendmsg()

From: Jesper Juhl <[email protected]>
Date: Sun, 26 Jun 2011 23:23:06 +0200 (CEST)

> If af_alg_make_sg() returns <0 in hash_sendmsg() we'll jump to the
> 'unlock' label without having set 'err' to anything. At the 'unlock'
> label the value of 'err' is tested to determine return value of the
> function - not good to base that on a uninitialized variable.
>
> This patch sets 'err' to the return value of hash_sendmsg() before the
> 'goto' when the value is less than zero, which seems to me to be the
> proper thing to do.
>
> Signed-off-by: Jesper Juhl <[email protected]>

Acked-by: David S. Miller <[email protected]>

2011-06-27 06:59:29

by Herbert Xu

[permalink] [raw]
Subject: Re: [PATCH] Crypto: Don't use err uninitialized in algif_hash.c:hash_sendmsg()

On Sun, Jun 26, 2011 at 11:23:06PM +0200, Jesper Juhl wrote:
> If af_alg_make_sg() returns <0 in hash_sendmsg() we'll jump to the
> 'unlock' label without having set 'err' to anything. At the 'unlock'
> label the value of 'err' is tested to determine return value of the
> function - not good to base that on a uninitialized variable.
>
> This patch sets 'err' to the return value of hash_sendmsg() before the
> 'goto' when the value is less than zero, which seems to me to be the
> proper thing to do.
>
> Signed-off-by: Jesper Juhl <[email protected]>

Thanks for catching this!

> diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
> index 62122a1..1847544 100644
> --- a/crypto/algif_hash.c
> +++ b/crypto/algif_hash.c
> @@ -68,9 +68,10 @@ static int hash_sendmsg(struct kiocb *unused, struct socket *sock,
> int newlen;
>
> newlen = af_alg_make_sg(&ctx->sgl, from, len, 0);
> - if (newlen < 0)
> + if (newlen < 0) {
> + err = newlen;
> goto unlock;
> -
> + }

This isn't quite what we want though. The error from af_alg_make_sg
should only be fatal if we haven't sent anything at all. That is,
it's OK to get an error on the second try.

So I'm going to tweak your patch a little bit and apply this:

diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
index 62122a1..ef5356c 100644
--- a/crypto/algif_hash.c
+++ b/crypto/algif_hash.c
@@ -68,8 +68,10 @@ static int hash_sendmsg(struct kiocb *unused, struct socket *sock,
int newlen;

newlen = af_alg_make_sg(&ctx->sgl, from, len, 0);
- if (newlen < 0)
+ if (newlen < 0) {
+ err = copied ? 0 : newlen;
goto unlock;
+ }

ahash_request_set_crypt(&ctx->req, ctx->sgl.sg, NULL,
newlen);

Cheers,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

2011-06-27 20:48:58

by Jesper Juhl

[permalink] [raw]
Subject: Re: [PATCH] Crypto: Don't use err uninitialized in algif_hash.c:hash_sendmsg()

On Mon, 27 Jun 2011, Herbert Xu wrote:

> On Sun, Jun 26, 2011 at 11:23:06PM +0200, Jesper Juhl wrote:
> > If af_alg_make_sg() returns <0 in hash_sendmsg() we'll jump to the
> > 'unlock' label without having set 'err' to anything. At the 'unlock'
> > label the value of 'err' is tested to determine return value of the
> > function - not good to base that on a uninitialized variable.
> >
> > This patch sets 'err' to the return value of hash_sendmsg() before the
> > 'goto' when the value is less than zero, which seems to me to be the
> > proper thing to do.
> >
> > Signed-off-by: Jesper Juhl <[email protected]>
>
> Thanks for catching this!
>
You're welcome.

> > diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
> > index 62122a1..1847544 100644
> > --- a/crypto/algif_hash.c
> > +++ b/crypto/algif_hash.c
> > @@ -68,9 +68,10 @@ static int hash_sendmsg(struct kiocb *unused, struct socket *sock,
> > int newlen;
> >
> > newlen = af_alg_make_sg(&ctx->sgl, from, len, 0);
> > - if (newlen < 0)
> > + if (newlen < 0) {
> > + err = newlen;
> > goto unlock;
> > -
> > + }
>
> This isn't quite what we want though. The error from af_alg_make_sg
> should only be fatal if we haven't sent anything at all. That is,
> it's OK to get an error on the second try.
>
> So I'm going to tweak your patch a little bit and apply this:
>

Ok. Guess I didn't quite understand what was going on there. Thank you for
fixing it up.

> diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
> index 62122a1..ef5356c 100644
> --- a/crypto/algif_hash.c
> +++ b/crypto/algif_hash.c
> @@ -68,8 +68,10 @@ static int hash_sendmsg(struct kiocb *unused, struct socket *sock,
> int newlen;
>
> newlen = af_alg_make_sg(&ctx->sgl, from, len, 0);
> - if (newlen < 0)
> + if (newlen < 0) {
> + err = copied ? 0 : newlen;
> goto unlock;
> + }
>
> ahash_request_set_crypt(&ctx->req, ctx->sgl.sg, NULL,
> newlen);
>
> Cheers,
>

--
Jesper Juhl <[email protected]> http://www.chaosbits.net/
Don't top-post http://www.catb.org/jargon/html/T/top-post.html
Plain text mails only, please.