Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp9051835ybi; Tue, 23 Jul 2019 20:50:32 -0700 (PDT) X-Google-Smtp-Source: APXvYqw9eJFfRWHx6sdz4P1GG4kNQBYRBiXdBzj9FmWS/nXtlsJI+gcqx+4zdgexVgdS1TsBBj7k X-Received: by 2002:a63:1723:: with SMTP id x35mr78307059pgl.233.1563940231942; Tue, 23 Jul 2019 20:50:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1563940231; cv=none; d=google.com; s=arc-20160816; b=ZreJt5J2rghx/eG+adAidIVK/vWZbklfXJBBedkekLRifE9azg+mJUIaYUTV7agjlR USXfvyCXSdSofCS4ehdAex3ZTrdGf/TRPCCluRNWabcYpPsl7mRT8t0A7+A85CvhMsnL /jFX9jsON/1+tZ6wxIusgf+jceivUhOazyhGe6oOlSKIRZcZlOMmygfnEiyQtfV5lb9Z CUzucefjPRz0VCXAE5e6/VM7UP9pWV2eiFpiRA37ls0H6srpZbW7w31xOO5Tqa+xaZoP Z7qe+XAnU2wKrqupWIwlVBsW420PuqmCk7cqi6nOxHVYZcH/KaRbKCBpQwiGGTPMLVpA 8aVA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :dkim-signature; bh=IQLyRnhX1U98uZ5/RlUPme0HMor/hCDsDY8BvZ+8wGg=; b=aqS1XdN3yL7w3TKuZ7rXUbbA6/FhUDy4tS7e2f0AOgRRSPZSBMfgJ+fJmPxjP+bGDv WdrncEfV6lW+wq7c8ybRyHX53W9mMnLGaiL4mo9lw5AtnXgmX5+uObRWWCdhcKfMsRhq 6o5U15kBdxNqyGtb280co6WgyRmrcE3ubj6YRfZIQlVsb6ZovfEImu0Tg+uEWZ+UpChM JAJIEi8bfi0dI+YI8IgdRAVLv0uNbUNCh//ZXwIamSKOTnqTRl7/FxLpDqUfG/C2OzOG pBJ3iixBPNOs3SpBy6UdZ7GUpwr7i9YosutCGpRYA3mRtOazJRfpIbP8/UyYE5P3AiY7 SEww== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b="a96Fshk/"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i23si13768612pfa.196.2019.07.23.20.50.17; Tue, 23 Jul 2019 20:50:31 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b="a96Fshk/"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726547AbfGXDtY (ORCPT + 99 others); Tue, 23 Jul 2019 23:49:24 -0400 Received: from mail-pg1-f193.google.com ([209.85.215.193]:45008 "EHLO mail-pg1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726525AbfGXDtY (ORCPT ); Tue, 23 Jul 2019 23:49:24 -0400 Received: by mail-pg1-f193.google.com with SMTP id i18so20467180pgl.11; Tue, 23 Jul 2019 20:49:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=IQLyRnhX1U98uZ5/RlUPme0HMor/hCDsDY8BvZ+8wGg=; b=a96Fshk/MwVVdB7NTmT4qZmZCuO8Xnost8WdcmjbpP9gHxAdpF98Ipx0xQu5jIjJfv f+gLkd1Kc8DPyCaq9E6PV4aqzK+EiVhwpaUyLUq5/c6NsaXP89+pdCL7u+viIM52Lfih uIa1UpOUc3PSnxqg1PKEvJRxokGT1YpgoCYCHtqPfB+NAdgtXMK5tud/u/rZ3bAeUq1S VEAB2W3bpmCPHYFFGRwynJdB9a0s40Eh+MX+Eb0YCdUNBDQSvJn3wUMTOI3mV2A09JyH PBtUpi0TooicuDLdNR5wbOUapVFpYVgcqRcZaujgUVysqrFv+ZJgQT6UFxjIXoLm+w4P RB8A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=IQLyRnhX1U98uZ5/RlUPme0HMor/hCDsDY8BvZ+8wGg=; b=ckSu1drg3QwVaHDZD14U7i6I268TI/aGXG4fs8DuquruzpSjQ/n8zuEcS15shIGGAA pMGi+mhVKE7Mdgw5PZPFly3DWolzjOIUe/tSflATm5g9n0cbyzRG91j0DQp4de2tiYKz SLUmdK+sB6Xa73Vnsi4mnW2JAg1gQfVAdLQnhN0ppxhjQ+XTzv1Y2pwQMh2OSJThPrhk +84UiHqu1v3AWy1A8tMCHpRsZ9BmOPYdS8vWsx+MpRJqd8f/XS+i9lWiEdFG/rWYgAl7 mIYoQ9691C7BqAI5+NTMoA1OO/SkvpCK48Nu1B1Fccj4OTBhTQCZtWixj371inUGWZfx KBOw== X-Gm-Message-State: APjAAAWv49yukZOnebyrFdM2WJEhB6481+hAfacDFE6/B0Wa1L2IPVtT T/7WAzrnx0f7tdnBEwi6tXc= X-Received: by 2002:a62:38c6:: with SMTP id f189mr9125668pfa.157.1563940163555; Tue, 23 Jul 2019 20:49:23 -0700 (PDT) Received: from oslab.tsinghua.edu.cn ([2402:f000:4:72:808::3ca]) by smtp.gmail.com with ESMTPSA id v10sm45113413pfe.163.2019.07.23.20.49.21 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 23 Jul 2019 20:49:23 -0700 (PDT) From: Jia-Ju Bai To: philipp.reisner@linbit.com, lars.ellenberg@linbit.com, axboe@kernel.dk Cc: drbd-dev@lists.linbit.com, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, Jia-Ju Bai Subject: [PATCH 1/2] block: drbd: Fix a possible null-pointer dereference in receive_protocol() Date: Wed, 24 Jul 2019 11:49:16 +0800 Message-Id: <20190724034916.28703-1-baijiaju1990@gmail.com> X-Mailer: git-send-email 2.17.0 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org In receive_protocol(), when crypto_alloc_shash() on line 3754 fails, peer_integrity_tfm is NULL, and error handling code is executed. In this code, crypto_free_shash() is called with NULL, which can cause a null-pointer dereference, because: crypto_free_shash(NULL) crypto_ahash_tfm(NULL) "return &NULL->base" To fix this bug, peer_integrity_tfm is checked before calling crypto_free_shash(). This bug is found by a static analysis tool STCheck written by us. Signed-off-by: Jia-Ju Bai --- drivers/block/drbd/drbd_receiver.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/block/drbd/drbd_receiver.c b/drivers/block/drbd/drbd_receiver.c index 90ebfcae0ce6..a4df2b8291f6 100644 --- a/drivers/block/drbd/drbd_receiver.c +++ b/drivers/block/drbd/drbd_receiver.c @@ -3807,7 +3807,8 @@ static int receive_protocol(struct drbd_connection *connection, struct packet_in disconnect_rcu_unlock: rcu_read_unlock(); disconnect: - crypto_free_shash(peer_integrity_tfm); + if (peer_integrity_tfm) + crypto_free_shash(peer_integrity_tfm); kfree(int_dig_in); kfree(int_dig_vv); conn_request_state(connection, NS(conn, C_DISCONNECTING), CS_HARD); -- 2.17.0