Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp10419085ybi;
        Wed, 24 Jul 2019 22:53:22 -0700 (PDT)
X-Google-Smtp-Source: APXvYqwAneY5KCLydq6eewOgT5LUOvyZ7rYQOiyKu954k43ntV6ingyTPUueIecyWzRVPJl8YeDs
X-Received: by 2002:a17:902:758d:: with SMTP id j13mr87088357pll.197.1564034001989;
        Wed, 24 Jul 2019 22:53:21 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1564034001; cv=none;
        d=google.com; s=arc-20160816;
        b=wpkQZdC+iHrKf8TGVIaPCj3A4fcxGJfYB20n1qj1VNE9c7FVqDpd5O7lN+5oFPHJef
         PlVluwOI82Aam3cQOTGNzAQHFkzDj5gFx9XjPGlD8j1qqKajsh1CcCUmJApbq8WV3Ab4
         eiYqjStQVXNze6DwSSpM7Ox4OvZfK2R4R0XHg21Myq67k6oDFNex7ECUgbKESoDr9gSs
         j57+6Cyn3CH+d1sQvbymuRJUijxnTwTSl3wdodwhNixYNqggx974CisjiPJV/gn/BFuQ
         gopjN2L0MAfCVcWkHROit+nRf8dMWAR26LFRD920MgdNaakemjEfbTv2KYs9aKA1aQiD
         j6/Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-transfer-encoding:content-disposition:mime-version
         :references:mail-followup-to:message-id:subject:cc:to:from:date
         :dkim-signature;
        bh=839XmXPg6qqjm9XEVJ/OXVr3rvsWgqEnJuW+s+uuLSk=;
        b=kAr0irpsiQu62TiSJXAEcojw9aTCj1ub4HZ1MbtiASjPG7OCQonDgMCb5sAOs+Pgxr
         TdVgvYT+BB2GOj5OxIK/rDFyqYziSt/ihueM/Suq7eMdHqSO9B2Fi1uJiKBcj3XD20ZL
         tWi8QN2bGFFSl7uURZ3fyevt6imTX3ta4D2fTZ0iRRE0hzYzVlZnJhblYGSOaPQaF9dw
         mgyHnn/Fa0KLdThwKSFBFrC2aXuYNi2h8hWga3o67YZtvl74/m8Yl2qYJvXq80aOOsI3
         aAd9dhj6Yf4ZJOLsQVqGN5jJpY2NgUI29MSTCoN0tu2ceLTxEdy8Dryl6kuoFPMQLsqe
         zZLQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=ZQQBfNWm;
       spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id i185si16453492pge.505.2019.07.24.22.53.08;
        Wed, 24 Jul 2019 22:53:21 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=ZQQBfNWm;
       spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2389957AbfGYDkI (ORCPT <rfc822;cvimail81@gmail.com> + 99 others);
        Wed, 24 Jul 2019 23:40:08 -0400
Received: from mail.kernel.org ([198.145.29.99]:40340 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S2389704AbfGYDkI (ORCPT <rfc822;linux-crypto@vger.kernel.org>);
        Wed, 24 Jul 2019 23:40:08 -0400
Received: from sol.localdomain (c-24-5-143-220.hsd1.ca.comcast.net [24.5.143.220])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 75F2B216F4;
        Thu, 25 Jul 2019 03:40:06 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1564026006;
        bh=9BMauwEy1lGIJ9pUkmok8zRfXwbOeUrTUzWPT9b+bsc=;
        h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
        b=ZQQBfNWmB3OCie57T2P6IO8YyrX+334Ql5pYpHjLHfQave82AuHEGJ4eFdEbDFUWw
         kM6y05VA3zfnppuA8VXfrbriUHLw/BzVU6BPuxhbwM0jaLEs5MgBubJb7+fe8VIjop
         vURvdDecRFjdfm+pFz7S3zVJNqwAvq8i6q81GuLM=
Date:   Wed, 24 Jul 2019 20:39:51 -0700
From:   Eric Biggers <ebiggers@kernel.org>
To:     Jia-Ju Bai <baijiaju1990@gmail.com>
Cc:     tytso@mit.edu, jaegeuk@kernel.org, linux-fscrypt@vger.kernel.org,
        linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org
Subject: Re: [PATCH] fs: crypto: keyinfo: Fix a possible null-pointer
 dereference in derive_key_aes()
Message-ID: <20190725033951.GA677@sol.localdomain>
Mail-Followup-To: Jia-Ju Bai <baijiaju1990@gmail.com>, tytso@mit.edu,
        jaegeuk@kernel.org, linux-fscrypt@vger.kernel.org,
        linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org
References: <20190724100204.2009-1-baijiaju1990@gmail.com>
 <20190724160711.GB673@sol.localdomain>
 <3d206c43-994e-6134-3f28-b4a500472760@gmail.com>
 <9740973d-6e59-e4df-7097-4e5d0da89235@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <9740973d-6e59-e4df-7097-4e5d0da89235@gmail.com>
User-Agent: Mutt/1.12.1 (2019-06-15)
Sender: linux-crypto-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

On Thu, Jul 25, 2019 at 11:33:53AM +0800, Jia-Ju Bai wrote:
> Sorry, I forgot to send to Eric, so send it again.
> 
> On 2019/7/25 11:30, Jia-Ju Bai wrote:
> > 
> > 
> > On 2019/7/25 0:07, Eric Biggers wrote:
> > > [+Cc linux-crypto]
> > > 
> > > On Wed, Jul 24, 2019 at 06:02:04PM +0800, Jia-Ju Bai wrote:
> > > > In derive_key_aes(), tfm is assigned to NULL on line 46, and then
> > > > crypto_free_skcipher(tfm) is executed.
> > > > 
> > > > crypto_free_skcipher(tfm)
> > > > ???? crypto_skcipher_tfm(tfm)
> > > > ???????? return &tfm->base;
> > > > 
> > > > Thus, a possible null-pointer dereference may occur.
> > > This analysis is incorrect because only the address &tfm->base is taken.
> > > There's no pointer dereference.
> > > 
> > > In fact all the crypto_free_*() functions are no-ops on NULL
> > > pointers, and many
> > > other callers rely on it.? So there's no bug here.
> > 
> > Thanks for the reply :)
> > I admit that "&tfm->base" is not a null-pointer dereference when tfm is
> > NULL.
> > But I still think crypto_free_skcipher(tfm) can cause security problems
> > when tfm is NULL.
> > 
> > Looking at the code:
> > 
> > static inline void crypto_free_skcipher(struct crypto_skcipher *tfm)
> > {
> > ??? crypto_destroy_tfm(tfm, crypto_skcipher_tfm(tfm));
> > }
> > 
> > static inline struct crypto_tfm *crypto_skcipher_tfm(
> > ??? struct crypto_skcipher *tfm)
> > {
> > ??? return &tfm->base;
> > }
> > 
> > void crypto_destroy_tfm(void *mem, struct crypto_tfm *tfm)
> > {
> > ??? struct crypto_alg *alg;
> > 
> > ??? if (unlikely(!mem))
> > ??? ??? return;

When the original pointer is NULL, mem == NULL here so crypto_destroy_tfm() is a
no-op.

> > Besides, I also find that some kernel modules check tfm before calling
> > crypto_free_*(), such as:
> > 
> > drivers/crypto/vmx/aes_xts.c:
> > ??? if (ctx->fallback) {
> > ??? ??? crypto_free_skcipher(ctx->fallback);
> > ??? ??? ctx->fallback = NULL;
> > ??? }
> > 
> > net/rxrpc/rxkad.c:
> > ??? if (conn->cipher)
> > ??? ??? crypto_free_skcipher(conn->cipher);
> > 
> > drivers/crypto/chelsio/chcr_algo.c:
> > ??? if (ablkctx->aes_generic)
> > ??? ??? crypto_free_cipher(ablkctx->aes_generic);
> > 
> > net/mac80211/wep.c:
> > ??? if (!IS_ERR(local->wep_tx_tfm))
> > ??? ??? crypto_free_cipher(local->wep_tx_tfm);
> > 

Well, people sometimes do that for kfree() too.  But that doesn't mean it's
needed, or that it's the preferred style (it's not).

- Eric