| Message ID | 20171213172230.12767-1-ddiss@suse.de (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
Hi David, Apologies for the delayed follow up. On Wed, 2017-12-13 at 18:22 +0100, David Disseldorp wrote: > If chap_server_compute_md5() fails early, e.g. via CHAP_N mismatch, then > crypto_free_shash() is called with a NULL pointer which gets > dereferenced in crypto_shash_tfm(). > > Fixes: 69110e3cedbb ("iscsi-target: Use shash and ahash") > Suggested-by: Markus Elfring <elfring@users.sourceforge.net> > Signed-off-by: David Disseldorp <ddiss@suse.de> > --- > This is a minimal fix, similar to Markus's > "target/iscsi: Less function calls in chap_server_compute_md5() after error detection" > patch, but without all of the coding-style changes mixed in. > > drivers/target/iscsi/iscsi_target_auth.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > Applied, with a stable CC' for 4.6.y. -- To unsubscribe from this list: send the line "unsubscribe target-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/drivers/target/iscsi/iscsi_target_auth.c b/drivers/target/iscsi/iscsi_target_auth.c index f9bc8ec6fb6b..9518ffd8b8ba 100644 --- a/drivers/target/iscsi/iscsi_target_auth.c +++ b/drivers/target/iscsi/iscsi_target_auth.c @@ -421,7 +421,8 @@ static int chap_server_compute_md5( auth_ret = 0; out: kzfree(desc); - crypto_free_shash(tfm); + if (tfm) + crypto_free_shash(tfm); kfree(challenge); kfree(challenge_binhex); return auth_ret;
If chap_server_compute_md5() fails early, e.g. via CHAP_N mismatch, then crypto_free_shash() is called with a NULL pointer which gets dereferenced in crypto_shash_tfm(). Fixes: 69110e3cedbb ("iscsi-target: Use shash and ahash") Suggested-by: Markus Elfring <elfring@users.sourceforge.net> Signed-off-by: David Disseldorp <ddiss@suse.de> --- This is a minimal fix, similar to Markus's "target/iscsi: Less function calls in chap_server_compute_md5() after error detection" patch, but without all of the coding-style changes mixed in. drivers/target/iscsi/iscsi_target_auth.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)