Commit 5862b02c authored by Jia Jie Ho's avatar Jia Jie Ho Committed by Chen Ridong
Browse files

crypto: starfive - Do not free stack buffer 

mainline inclusion
from mainline-v6.10-rc
commit d7f01649f4eaf1878472d3d3f480ae1e50d98f6c
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAB05M
CVE: CVE-2024-39478

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=d7f01649f4eaf1878472d3d3f480ae1e50d98f6c



----------------------------------------------------------------------

RSA text data uses variable length buffer allocated in software stack.
Calling kfree on it causes undefined behaviour in subsequent operations.

Cc: <stable@vger.kernel.org> #6.7+
Signed-off-by: default avatarJia Jie Ho <jiajie.ho@starfivetech.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: default avatarChen Ridong <chenridong@huawei.com>
parent ddbb3ee7

drivers/crypto/starfive/jh7110-rsa.c

+0 −1
Original line number Diff line number Diff line
@@ -299,7 +299,6 @@ static int starfive_rsa_enc_core(struct starfive_cryp_ctx *ctx, int enc) 


err_rsa_crypt:

	writel(STARFIVE_RSA_RESET, cryp->base + STARFIVE_PKA_CACR_OFFSET);

	kfree(rctx->rsa_data);

	return ret;

}