target/iscsi: avoid NULL dereference in CHAP auth error path
commitpull/10/headce512d79d0
upstream. If chap_server_compute_md5() fails early, e.g. via CHAP_N mismatch, then crypto_free_shash() is called with a NULL pointer which gets dereferenced in crypto_shash_tfm(). Fixes:69110e3ced
("iscsi-target: Use shash and ahash") Suggested-by: Markus Elfring <elfring@users.sourceforge.net> Signed-off-by: David Disseldorp <ddiss@suse.de> Cc: stable@vger.kernel.org # 4.6+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
parent
0528a533f3
commit
4cbb9fdf13
|
@ -421,7 +421,8 @@ static int chap_server_compute_md5(
|
|||
auth_ret = 0;
|
||||
out:
|
||||
kzfree(desc);
|
||||
crypto_free_shash(tfm);
|
||||
if (tfm)
|
||||
crypto_free_shash(tfm);
|
||||
kfree(challenge);
|
||||
kfree(challenge_binhex);
|
||||
return auth_ret;
|
||||
|
|
Loading…
Reference in New Issue