2021-12-24 07:47:20

by Jiasheng Jiang

Subject: [PATCH] net/tipc: Check null mem pointer

For the possible alloc failure of the kmemdup(), it may return a null
pointer.
Therefore, the returned pointer should be checked to guarantee the
success of the init.

Fixes: fc1b6d6de220 ("tipc: introduce TIPC encryption & authentication")
Signed-off-by: Jiasheng Jiang <[email protected]>
---
net/tipc/crypto.c | 7 +++++++
1 file changed, 7 insertions(+)

diff --git a/net/tipc/crypto.c b/net/tipc/crypto.c
index c9391d38de85..19015e08e750 100644
--- a/net/tipc/crypto.c
+++ b/net/tipc/crypto.c
@@ -596,7 +596,14 @@ static int tipc_aead_init(struct tipc_aead **aead, struct tipc_aead_key *ukey,
tmp->mode = mode;
tmp->cloned = NULL;
tmp->authsize = TIPC_AES_GCM_TAG_SIZE;
+
tmp->key = kmemdup(ukey, tipc_aead_key_size(ukey), GFP_KERNEL);
+ if (!tmp->key) {
+ free_percpu(tmp->tfm_entry);
+ kfree_sensitive(tmp);
+ return -ENOMEM;
+ }
+
memcpy(&tmp->salt, ukey->key + keylen, TIPC_AES_GCM_SALT_SIZE);
atomic_set(&tmp->users, 0);
atomic64_set(&tmp->seqno, 0);
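
Review bot: The new error branch under `if (!tmp->key)` releases only `tmp->tfm_entry` (via `free_percpu()`) and `tmp` itself, so anything allocated earlier in tipc_aead_init() and reachable only through the per-CPU entry would be leaked on this path. The lines above the hunk are not visible here, so please confirm what has been set up by this point; if there is more than these two objects, route the failure through a shared error label or the function's existing teardown instead of open-coding the two frees, so that later additions to the init sequence do not have to remember this branch.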
--
2.25.1



2021-12-24 22:44:46

by Jakub Kicinski

Subject: Re: [PATCH] net/tipc: Check null mem pointer

On Fri, 24 Dec 2021 15:46:46 +0800 Jiasheng Jiang wrote:
> For the possible alloc failure of the kmemdup(), it may return a null
> pointer.
> Therefore, the returned pointer should be checked to guarantee the
> success of the init.
>
> Fixes: fc1b6d6de220 ("tipc: introduce TIPC encryption & authentication")
> Signed-off-by: Jiasheng Jiang <[email protected]>
> ---
> net/tipc/crypto.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/net/tipc/crypto.c b/net/tipc/crypto.c
> index c9391d38de85..19015e08e750 100644
> --- a/net/tipc/crypto.c
> +++ b/net/tipc/crypto.c
> @@ -596,7 +596,14 @@ static int tipc_aead_init(struct tipc_aead **aead, struct tipc_aead_key *ukey,
> tmp->mode = mode;
> tmp->cloned = NULL;
> tmp->authsize = TIPC_AES_GCM_TAG_SIZE;
> +
> tmp->key = kmemdup(ukey, tipc_aead_key_size(ukey), GFP_KERNEL);
> + if (!tmp->key) {
> + free_percpu(tmp->tfm_entry);
> + kfree_sensitive(tmp);
> + return -ENOMEM;
> + }
> +
> memcpy(&tmp->salt, ukey->key + keylen, TIPC_AES_GCM_SALT_SIZE);
> atomic_set(&tmp->users, 0);
> atomic64_set(&tmp->seqno, 0);
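
Review bot: The empty `+` line inserted between `tmp->authsize = TIPC_AES_GCM_TAG_SIZE;` and the kmemdup() call is a whitespace change unrelated to the fix; drop it so the patch carries only the NULL check. The changelog also does not say where a NULL `tmp->key` would be dereferenced: the memcpy() that follows reads from `ukey`, not from `tmp->key`, so the failure is not in the lines shown, and naming the later consumer would make the Fixes: justification easier to verify.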

Fixed over a month ago 3e6db079751a ("tipc: check for null after calling
kmemdup")