From: Greg KH
Subject: Re: [PATCH] crypto: af_alg - add keylen checking to avoid NULL ptr passing down
Date: Mon, 18 Dec 2017 13:00:09 +0100
Message-ID: <20171218120009.GA8328@kroah.com>
References: <1513595363-27577-1-git-send-email-hw.likun@huawei.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: linux-crypto@vger.kernel.org, stable@vger.kernel.org
To: Li Kun
Return-path:
Received: from mail.linuxfoundation.org ([140.211.169.12]:47734 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752708AbdLRMAR (ORCPT ); Mon, 18 Dec 2017 07:00:17 -0500
Content-Disposition: inline
In-Reply-To: <1513595363-27577-1-git-send-email-hw.likun@huawei.com>
Sender: linux-crypto-owner@vger.kernel.org
List-ID:

On Mon, Dec 18, 2017 at 11:09:23AM +0000, Li Kun wrote:
> alg_setkey do not check the keylen whether it is zero, so the key
> may be ZERO_SIZE_PTR when keylen is 0, which will pass the
> copy_from_user's checking and be passed to the lower functions as key.
>
> If the lower functions only check the key if it is NULL, ZERO_SIZE_PTR
> will pass the checking, and will cause null ptr dereference, so it's
> better to intercept the invalid parameters in the upper functions.
>
> This patch is also suitable to fix CVE-2017-15116 for stable trees.
>
> Signed-off-by: Li Kun
> ---
>  crypto/af_alg.c | 2 ++
>  1 file changed, 2 insertions(+)

This is not the correct way to submit patches for inclusion in the
stable kernel tree.  Please read:
    https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html
for how to do this properly.
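
Added example, not part of this thread and not kernel code: a userspace C model of the failure the quoted commit message describes, where a zero-length key yields ZERO_SIZE_PTR and slips past a NULL-only check. The functions model_kmalloc, lower_setkey, setkey_unchecked and setkey_checked are hypothetical names; only ZERO_SIZE_PTR and ZERO_OR_NULL_PTR mirror include/linux/slab.h.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Mirrors include/linux/slab.h: kmalloc(0) returns this non-NULL sentinel. */
#define ZERO_SIZE_PTR ((void *)16)
#define ZERO_OR_NULL_PTR(p) ((uintptr_t)(p) <= (uintptr_t)ZERO_SIZE_PTR)
static unsigned char pool[64]; /* constructed stand-in for slab memory */

/* Hypothetical model of kmalloc(): a zero-byte request is not a failure. */
static void *model_kmalloc(size_t n)
{
    if (n == 0)
        return ZERO_SIZE_PTR;
    return n <= sizeof(pool) ? pool : NULL;
}

/* Hypothetical lower-layer setkey that only rejects NULL. */
static int lower_setkey(const unsigned char *key, size_t keylen)
{
    (void)keylen;
    if (key == NULL)
        return -EINVAL;
    if (ZERO_OR_NULL_PTR(key)) /* model only: the kernel would oops here */
        return -EFAULT;
    return 0;                  /* real code would read the key bytes */
}

/* Upper layer with no length check; a 0-byte copy_from_user also succeeds. */
static int setkey_unchecked(size_t keylen)
{
    unsigned char *key = model_kmalloc(keylen);
    if (!key)
        return -ENOMEM;
    return lower_setkey(key, keylen);
}

/* Upper layer that intercepts keylen == 0 before allocating. */
static int setkey_checked(size_t keylen)
{
    return keylen == 0 ? -EINVAL : setkey_unchecked(keylen);
}

int main(void)
{
    printf("unchecked, keylen 0: %d\n", setkey_unchecked(0));
    printf("checked,   keylen 0: %d\n", setkey_checked(0));
    return 0;
}
```

In kernel code the ZERO_OR_NULL_PTR() test is the alternative defence in the lower layer; the model uses it only to report the point at which a NULL-only check lets the sentinel through.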