From: Jie Liu <[email protected]>
In skcipher_alloc_sgl(), there is a potential null pointer dereference
issue to retrieve the last item from ctx->tsgl list if the list is empty.
This patch fix it by checking if the list is empty or not at first.
Signed-off-by: Jie Liu <[email protected]>
---
crypto/algif_skcipher.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
index a1c4f0a..bfa702e 100644
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -73,9 +73,10 @@ static int skcipher_alloc_sgl(struct sock *sk)
struct skcipher_sg_list *sgl;
struct scatterlist *sg = NULL;
- sgl = list_entry(ctx->tsgl.prev, struct skcipher_sg_list, list);
- if (!list_empty(&ctx->tsgl))
+ if (!list_empty(&ctx->tsgl)) {
+ sgl = list_entry(ctx->tsgl.prev, struct skcipher_sg_list, list);
sg = sgl->sg;
+ }
if (!sg || sgl->cur >= MAX_SGL_ENTS) {
sgl = sock_kmalloc(sk, sizeof(*sgl) +
--
1.8.3.2
On Fri, Nov 15, 2013 at 10:31:25AM +0800, Jeff Liu wrote:
> From: Jie Liu <[email protected]>
>
> In skcipher_alloc_sgl(), there is a potential null pointer dereference
> issue to retrieve the last item from ctx->tsgl list if the list is empty.
>
> This patch fix it by checking if the list is empty or not at first.
>
> Signed-off-by: Jie Liu <[email protected]>
Were you actually able to make this crash?
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt