Message ID | 20231214030834.2665-1-tianjia.zhang@linux.alibaba.com (mailing list archive) |
---|---|
State | Accepted |
Delegated to: | Herbert Xu |
Series | crypto: lib/mpi - Fix unexpected pointer access |
On Thu, Dec 14, 2023 at 11:08:34AM +0800, Tianjia Zhang wrote:
> When the mpi_ec_ctx structure is initialized, some fields are not
> cleared, causing a crash when referencing the field when the
> structure was released. Initially, this issue was ignored because
> memory for mpi_ec_ctx is allocated with the __GFP_ZERO flag.
> For example, this error will be triggered when calculating the
> Za value for SM2 separately.
>
> Fixes: d58bb7e55a8a ("lib/mpi: Introduce ec implementation to MPI library")
> Cc: stable@vger.kernel.org # v6.5
> Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
> ---
> lib/crypto/mpi/ec.c | 3 +++
> 1 file changed, 3 insertions(+)

Patch applied. Thanks.
diff --git a/lib/crypto/mpi/ec.c b/lib/crypto/mpi/ec.c index 40f5908e57a4..e16dca1e23d5 100644 --- a/lib/crypto/mpi/ec.c +++ b/lib/crypto/mpi/ec.c @@ -584,6 +584,9 @@ void mpi_ec_init(struct mpi_ec_ctx *ctx, enum gcry_mpi_ec_models model, ctx->a = mpi_copy(a); ctx->b = mpi_copy(b); + ctx->d = NULL; + ctx->t.two_inv_p = NULL; + ctx->t.p_barrett = use_barrett > 0 ? mpi_barrett_init(ctx->p, 0) : NULL; mpi_ec_get_reset(ctx);
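Review bot: the two added assignments, `ctx->d = NULL;` and `ctx->t.two_inv_p = NULL;`, clear members one at a time, so mpi_ec_init() stays correct only as long as every optional member is listed here by hand. Since the commit message says callers were relying on __GFP_ZERO, consider clearing the whole structure once at the top of mpi_ec_init() (for example `memset(ctx, 0, sizeof(*ctx));` before the first assignment), or at least add a comment above these two lines stating that the release path reads them and that they must be NULL when unset.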
When the mpi_ec_ctx structure is initialized, some fields are not
cleared, causing a crash when referencing the field when the
structure was released. Initially, this issue was ignored because
memory for mpi_ec_ctx is allocated with the __GFP_ZERO flag.
For example, this error will be triggered when calculating the
Za value for SM2 separately.

Fixes: d58bb7e55a8a ("lib/mpi: Introduce ec implementation to MPI library")
Cc: stable@vger.kernel.org # v6.5
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
---
 lib/crypto/mpi/ec.c | 3 +++
 1 file changed, 3 insertions(+)
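The failure mode the commit message describes, as an added user-space illustration that is not code from the patch or the kernel: `demo_ec_ctx` and the `demo_*` functions are hypothetical stand-ins, and the 0xAA fill is a constructed substitute for context memory that was not allocated with __GFP_ZERO.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical user-space stand-in; not the kernel's struct mpi_ec_ctx. */
struct demo_ec_ctx {
    int *p;          /* always assigned by init */
    int *d;          /* optional, only set by some callers */
    int *two_inv_p;  /* optional, computed lazily */
};

/* "Before": assigns only what it needs, so d and two_inv_p keep
 * whatever bytes the caller's storage already held. */
void demo_init_before(struct demo_ec_ctx *ctx)
{
    ctx->p = calloc(1, sizeof(*ctx->p));
}

/* "After": every pointer the release path will free is set explicitly. */
void demo_init_after(struct demo_ec_ctx *ctx)
{
    ctx->p = calloc(1, sizeof(*ctx->p));
    ctx->d = NULL;
    ctx->two_inv_p = NULL;
}

/* Number of optional members a release routine would treat as live
 * allocations although nothing ever assigned them. */
int demo_stale_fields(const struct demo_ec_ctx *ctx)
{
    return (ctx->d != NULL) + (ctx->two_inv_p != NULL);
}

/* Constructed scenario: the context lives in storage that is not zeroed. */
int demo_run(void (*init)(struct demo_ec_ctx *))
{
    struct demo_ec_ctx ctx;
    int stale;

    memset(&ctx, 0xAA, sizeof(ctx));  /* simulate a non-zeroing allocator */
    init(&ctx);
    stale = demo_stale_fields(&ctx);
    free(ctx.p);                      /* safe: both inits assign p */
    return stale;
}

int main(void)
{
    printf("before: %d stale, after: %d stale\n",
           demo_run(demo_init_before), demo_run(demo_init_after));
}
```

The demo deliberately counts the stale members instead of freeing them, so the "before" case can be observed without triggering the crash itself.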