From nobody Sat Apr 27 20:23:47 2024 Delivered-To: importer@patchew.org Received-SPF: temperror (zoho.com: Error in retrieving data from DNS) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=temperror (zoho.com: Error in retrieving data from DNS) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (208.118.235.17 [208.118.235.17]) by mx.zohomail.com with SMTPS id 1510054422514355.79629931216766; Tue, 7 Nov 2017 03:33:42 -0800 (PST) Received: from localhost ([::1]:52781 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eC289-0003pD-N9 for importer@patchew.org; Tue, 07 Nov 2017 06:33:21 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:52010) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eC27E-0003Wn-P5 for qemu-devel@nongnu.org; Tue, 07 Nov 2017 06:32:25 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eC27B-00063G-HG for qemu-devel@nongnu.org; Tue, 07 Nov 2017 06:32:24 -0500 Received: from szxga05-in.huawei.com ([45.249.212.191]:2281) by eggs.gnu.org with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:16) (Exim 4.71) (envelope-from ) id 1eC27A-00060x-SX for qemu-devel@nongnu.org; Tue, 07 Nov 2017 06:32:21 -0500 Received: from 172.30.72.59 (EHLO DGGEMS410-HUB.china.huawei.com) ([172.30.72.59]) by dggrg05-dlp.huawei.com (MOS 4.4.6-GA FastPath queued) with ESMTP id DKM95067; Tue, 07 Nov 2017 19:32:15 +0800 (CST) Received: from localhost (10.177.246.209) by DGGEMS410-HUB.china.huawei.com (10.3.19.210) with Microsoft SMTP Server id 14.3.361.1; Tue, 7 Nov 2017 19:32:09 +0800 From: "Longpeng(Mike)" To: Date: Tue, 7 Nov 2017 19:32:06 +0800 Message-ID: <1510054326-31036-1-git-send-email-longpeng2@huawei.com> X-Mailer: git-send-email 1.8.4.msysgit.0 MIME-Version: 1.0 X-Originating-IP: [10.177.246.209] X-CFilter-Loop: Reflected X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A090204.5A0199C0.00AA, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=0.0.0.0, so=2014-11-16 11:51:01, dmn=2013-03-21 17:37:32 X-Mirapoint-Loop-Id: 40edb05952909ffaab25e19e57a0cc71 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.4.x-2.6.x [generic] [fuzzy] X-Received-From: 45.249.212.191 Subject: [Qemu-devel] [PATCH v2] crypto: afalg: fix a NULL pointer dereference X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: stefanha@gmail.com, qemu-devel@nongnu.org, armbru@redhat.com, arei.gonglei@huawei.com, pbonzini@redhat.com, Longpeng Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_6 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Longpeng Test-crypto-hash calls qcrypto_hash_bytesv/digest/base64 with errp=3DNULL, this will cause a NULL pointer deference if afalg_driver doesn't support requested algos: ret =3D qcrypto_hash_afalg_driver.hash_bytesv(alg, iov, niov, result, resultlen, errp); if (ret =3D=3D 0) { return ret; } error_free(*errp); // <--- here Because the error message is threw away immediately, so we should just pass NULL to hash_bytesv(). There is also the same problem in afalg-backend cipher & hmac, let's fix them together. Reported-by: Paolo Bonzini Signed-off-by: Longpeng Reviewed-by: Eric Blake --- v2->v1: - fix typo [Eric] - just pass NULL to hash_bytesv() [Eric, Daniel] - remove useless Error object in afalg-backend cipher & hmac [Longpeng] --- crypto/cipher.c | 5 +---- crypto/hash.c | 8 +------- crypto/hmac.c | 4 +--- 3 files changed, 3 insertions(+), 14 deletions(-) diff --git a/crypto/cipher.c b/crypto/cipher.c index 0aad9d6..bcbfb3d 100644 --- a/crypto/cipher.c +++ b/crypto/cipher.c @@ -164,11 +164,10 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgori= thm alg, { QCryptoCipher *cipher; void *ctx =3D NULL; - Error *err2 =3D NULL; QCryptoCipherDriver *drv =3D NULL; =20 #ifdef CONFIG_AF_ALG - ctx =3D qcrypto_afalg_cipher_ctx_new(alg, mode, key, nkey, &err2); + ctx =3D qcrypto_afalg_cipher_ctx_new(alg, mode, key, nkey, NULL); if (ctx) { drv =3D &qcrypto_cipher_afalg_driver; } @@ -177,12 +176,10 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgori= thm alg, if (!ctx) { ctx =3D qcrypto_cipher_ctx_new(alg, mode, key, nkey, errp); if (!ctx) { - error_free(err2); return NULL; } =20 drv =3D &qcrypto_cipher_lib_driver; - error_free(err2); } =20 cipher =3D g_new0(QCryptoCipher, 1); diff --git a/crypto/hash.c b/crypto/hash.c index ac59c63..aeeec97 100644 --- a/crypto/hash.c +++ b/crypto/hash.c @@ -51,16 +51,10 @@ int qcrypto_hash_bytesv(QCryptoHashAlgorithm alg, =20 ret =3D qcrypto_hash_afalg_driver.hash_bytesv(alg, iov, niov, result, resultlen, - errp); + NULL); if (ret =3D=3D 0) { return ret; } - - /* - * TODO: - * Maybe we should treat some afalg errors as fatal - */ - error_free(*errp); #endif =20 return qcrypto_hash_lib_driver.hash_bytesv(alg, iov, niov, diff --git a/crypto/hmac.c b/crypto/hmac.c index 82b0055..f6c2d8d 100644 --- a/crypto/hmac.c +++ b/crypto/hmac.c @@ -90,11 +90,10 @@ QCryptoHmac *qcrypto_hmac_new(QCryptoHashAlgorithm alg, { QCryptoHmac *hmac; void *ctx =3D NULL; - Error *err2 =3D NULL; QCryptoHmacDriver *drv =3D NULL; =20 #ifdef CONFIG_AF_ALG - ctx =3D qcrypto_afalg_hmac_ctx_new(alg, key, nkey, &err2); + ctx =3D qcrypto_afalg_hmac_ctx_new(alg, key, nkey, NULL); if (ctx) { drv =3D &qcrypto_hmac_afalg_driver; } @@ -107,7 +106,6 @@ QCryptoHmac *qcrypto_hmac_new(QCryptoHashAlgorithm alg, } =20 drv =3D &qcrypto_hmac_lib_driver; - error_free(err2); } =20 hmac =3D g_new0(QCryptoHmac, 1); --=20 1.8.3.1