|
|
c4dc547 |
From bf084d8f6eb4ded3f90a6ab79bb682db00ebfbd4 Mon Sep 17 00:00:00 2001
|
|
|
c4dc547 |
From: Milan Broz <mbroz@redhat.com>
|
|
|
c4dc547 |
Date: Thu, 28 Jun 2012 17:26:02 +0200
|
|
|
c4dc547 |
Subject: [PATCH] crypto: aesni-intel - fix wrong kfree pointer
|
|
|
c4dc547 |
|
|
|
c4dc547 |
kfree(new_key_mem) in rfc4106_set_key() should be called on malloced pointer,
|
|
|
c4dc547 |
not on aligned one, otherwise it can cause invalid pointer on free.
|
|
|
c4dc547 |
|
|
|
c4dc547 |
(Seen at least once when running tcrypt tests with debug kernel.)
|
|
|
c4dc547 |
|
|
|
c4dc547 |
Signed-off-by: Milan Broz <mbroz@redhat.com>
|
|
|
c4dc547 |
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
|
|
c4dc547 |
---
|
|
|
c4dc547 |
arch/x86/crypto/aesni-intel_glue.c | 8 ++++----
|
|
|
c4dc547 |
1 files changed, 4 insertions(+), 4 deletions(-)
|
|
|
c4dc547 |
|
|
|
c4dc547 |
diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c
|
|
|
c4dc547 |
index d662615..34fdcff 100644
|
|
|
c4dc547 |
--- a/arch/x86/crypto/aesni-intel_glue.c
|
|
|
c4dc547 |
+++ b/arch/x86/crypto/aesni-intel_glue.c
|
|
|
c4dc547 |
@@ -529,7 +529,7 @@ static int rfc4106_set_key(struct crypto_aead *parent, const u8 *key,
|
|
|
c4dc547 |
struct crypto_aead *cryptd_child = cryptd_aead_child(ctx->cryptd_tfm);
|
|
|
c4dc547 |
struct aesni_rfc4106_gcm_ctx *child_ctx =
|
|
|
c4dc547 |
aesni_rfc4106_gcm_ctx_get(cryptd_child);
|
|
|
c4dc547 |
- u8 *new_key_mem = NULL;
|
|
|
c4dc547 |
+ u8 *new_key_align, *new_key_mem = NULL;
|
|
|
c4dc547 |
|
|
|
c4dc547 |
if (key_len < 4) {
|
|
|
c4dc547 |
crypto_tfm_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
|
|
|
c4dc547 |
@@ -553,9 +553,9 @@ static int rfc4106_set_key(struct crypto_aead *parent, const u8 *key,
|
|
|
c4dc547 |
if (!new_key_mem)
|
|
|
c4dc547 |
return -ENOMEM;
|
|
|
c4dc547 |
|
|
|
c4dc547 |
- new_key_mem = PTR_ALIGN(new_key_mem, AESNI_ALIGN);
|
|
|
c4dc547 |
- memcpy(new_key_mem, key, key_len);
|
|
|
c4dc547 |
- key = new_key_mem;
|
|
|
c4dc547 |
+ new_key_align = PTR_ALIGN(new_key_mem, AESNI_ALIGN);
|
|
|
c4dc547 |
+ memcpy(new_key_align, key, key_len);
|
|
|
c4dc547 |
+ key = new_key_align;
|
|
|
c4dc547 |
}
|
|
|
c4dc547 |
|
|
|
c4dc547 |
if (!irq_fpu_usable())
|
|
|
c4dc547 |
--
|
|
|
c4dc547 |
1.7.6.5
|
|
|
c4dc547 |
|