From: Li Kun Subject: Re: [PATCH] crypto: af_alg - add keylen checking to avoid NULL ptr passing down Date: Mon, 18 Dec 2017 21:34:05 +0800 Message-ID: <62ca2507-464f-d1b5-8c79-8de6df79b7de@huawei.com> References: <1513595363-27577-1-git-send-email-hw.likun@huawei.com> <20171218120009.GA8328@kroah.com> Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8"; format=flowed Content-Transfer-Encoding: 8bit Cc: , To: Greg KH Return-path: In-Reply-To: <20171218120009.GA8328@kroah.com> Sender: stable-owner@vger.kernel.org List-Id: linux-crypto.vger.kernel.org 在 2017/12/18 20:00, Greg KH 写道: > On Mon, Dec 18, 2017 at 11:09:23AM +0000, Li Kun wrote: >> alg_setkey do not check the keylen whether it is zero, so the key >> may be ZERO_SIZE_PTR when keylen is 0, which will pass the >> copy_from_user's checking and be passed to the lower functions as key. >> >> If the lower functions only check the key if it is NULL, ZERO_SIZE_PTR >> will pass the checking, and will cause null ptr dereference, so it's >> better to intercept the invalid parameters in the upper functions. >> >> This patch is also suitable to fix CVE-2017-15116 for stable trees. >> >> Signed-off-by: Li Kun >> --- >> crypto/af_alg.c | 2 ++ >> 1 file changed, 2 insertions(+) > > > This is not the correct way to submit patches for inclusion in the > stable kernel tree. Please read: > https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html > for how to do this properly. sorry, i will resend this patch with "Cc: stable@vger.kernel.org" > > -- Best Regards Li Kun