
Commit 1605b847 authored by Herbert Xu's avatar Herbert Xu

[CRYPTO] cryptomgr: Fix use after free



By the time kthread_run returns the param may have already been freed
so writing the returned thread_struct pointer to param is wrong.

In fact, we don't need it in param anyway so this patch simply puts it
on the stack.

Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent f6259dea
+3 −4
@@ -24,8 +24,6 @@
#include "internal.h"

struct cryptomgr_param {
	struct task_struct *thread;

	struct rtattr *tb[CRYPTOA_MAX];

	struct {
@@ -81,6 +79,7 @@ err:

static int cryptomgr_schedule_probe(struct crypto_larval *larval)
{
	struct task_struct *thread;
	struct cryptomgr_param *param;
	const char *name = larval->alg.cra_name;
	const char *p;
@@ -130,8 +129,8 @@ static int cryptomgr_schedule_probe(struct crypto_larval *larval)

	memcpy(param->larval.name, larval->alg.cra_name, CRYPTO_MAX_ALG_NAME);

	param->thread = kthread_run(cryptomgr_probe, param, "cryptomgr");
	if (IS_ERR(param->thread))
	thread = kthread_run(cryptomgr_probe, param, "cryptomgr");
	if (IS_ERR(thread))
		goto err_free_param;

	return NOTIFY_STOP;
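Review bot: Nothing at the `kthread_run()` call in the last hunk records that `param` is handed off to the new thread, so a later edit could again read or write `param` after the call and reintroduce the use after free. Going by the commit message, `cryptomgr_probe` may free `param` before `kthread_run()` returns; that free is not visible in these hunks. I would add a comment directly above the call, for example `/* param now belongs to cryptomgr_probe and may already be freed when kthread_run() returns; only the error path below may touch it. */`. The `err_free_param` path stays correct only while a failed `kthread_run()` means the thread function never ran, which is worth stating in the same comment. The body of `cryptomgr_schedule_probe` starts and continues outside the lines shown here.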