crypto: drbg - set freed buffers to NULL
commitpull/10/headeea0d3ea75
upstream. During freeing of the internal buffers used by the DRBG, set the pointer to NULL. It is possible that the context with the freed buffers is reused. In case of an error during initialization where the pointers do not yet point to allocated memory, the NULL value prevents a double free. Cc: stable@vger.kernel.org Fixes:3cfc3b9721
("crypto: drbg - use aligned buffers") Signed-off-by: Stephan Mueller <smueller@chronox.de> Reported-by: syzbot+75397ee3df5c70164154@syzkaller.appspotmail.com Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
parent
a32a944a60
commit
674d38ea18
|
@ -1134,8 +1134,10 @@ static inline void drbg_dealloc_state(struct drbg_state *drbg)
|
|||
if (!drbg)
|
||||
return;
|
||||
kzfree(drbg->Vbuf);
|
||||
drbg->Vbuf = NULL;
|
||||
drbg->V = NULL;
|
||||
kzfree(drbg->Cbuf);
|
||||
drbg->Cbuf = NULL;
|
||||
drbg->C = NULL;
|
||||
kzfree(drbg->scratchpadbuf);
|
||||
drbg->scratchpadbuf = NULL;
|
||||
|
|
Loading…
Reference in New Issue