Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 91a120d0 authored by Jesper Nilsson's avatar Jesper Nilsson
Browse files

CRISv32: Fix potential null reference in cryptocop driver. 

The code didn't test the pointer to the newly allocated
memory, but a parameter sent in as value.
Since the input parameter was most often set, the code
would have used a null pointer if the kmalloc failed.
If the input parameter was not set, the code would
leak the allocated buffer.

http://bugzilla.kernel.org/show_bug.cgi?id=11363



Reported-by: default avatarDaniel Marjamäki <danielm77@spray.se>
Signed-off-by: default avatarJesper Nilsson <jesper.nilsson@axis.com>
parent 7f2ff23d

arch/cris/arch-v32/drivers/cryptocop.c

+2 −2
Original line number Diff line number Diff line
@@ -1395,7 +1395,7 @@ static int create_md5_pad(int alloc_flag, unsigned long long hashed_length, char 
	if (padlen < MD5_MIN_PAD_LENGTH) padlen += MD5_BLOCK_LENGTH;



	p = kmalloc(padlen, alloc_flag);

	if (!pad) return -ENOMEM;

	if (!p) return -ENOMEM;



	*p = 0x80;

	memset(p+1, 0, padlen - 1);
@@ -1427,7 +1427,7 @@ static int create_sha1_pad(int alloc_flag, unsigned long long hashed_length, cha 
	if (padlen < SHA1_MIN_PAD_LENGTH) padlen += SHA1_BLOCK_LENGTH;



	p = kmalloc(padlen, alloc_flag);

	if (!pad) return -ENOMEM;

	if (!p) return -ENOMEM;



	*p = 0x80;

	memset(p+1, 0, padlen - 1);