Commit f1710638 authored by Longpeng's avatar Longpeng Committed by Daniel P. Berrangé
Browse files

crypto: afalg: fix a NULL pointer dereference 



Test-crypto-hash calls qcrypto_hash_bytesv/digest/base64 with
errp=NULL, this will cause a NULL pointer dereference if afalg_driver
doesn't support requested algos:

    ret = qcrypto_hash_afalg_driver.hash_bytesv(alg, iov, niov,
                                                result, resultlen,
                                                errp);
    if (ret == 0) {
        return ret;
    }

    error_free(*errp);  // <--- here

Because the error message is thrown away immediately, we should
just pass NULL to hash_bytesv(). There is also the same problem in
afalg-backend cipher & hmac, let's fix them together.

Reviewed-by: default avatarEric Blake <eblake@redhat.com>
Reported-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: default avatarLongpeng <longpeng2@huawei.com>
Signed-off-by: default avatarDaniel P. Berrange <berrange@redhat.com>
parent b417a762

crypto/cipher.c

+1 −4
Original line number Diff line number Diff line
@@ -164,11 +164,10 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg, 
{

    QCryptoCipher *cipher;

    void *ctx = NULL;

    Error *err2 = NULL;

    QCryptoCipherDriver *drv = NULL;



#ifdef CONFIG_AF_ALG

    ctx = qcrypto_afalg_cipher_ctx_new(alg, mode, key, nkey, &err2);

    ctx = qcrypto_afalg_cipher_ctx_new(alg, mode, key, nkey, NULL);

    if (ctx) {

        drv = &qcrypto_cipher_afalg_driver;

    }
@@ -177,12 +176,10 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg, 
    if (!ctx) {

        ctx = qcrypto_cipher_ctx_new(alg, mode, key, nkey, errp);

        if (!ctx) {

            error_free(err2);

            return NULL;

        }



        drv = &qcrypto_cipher_lib_driver;

        error_free(err2);

    }



    cipher = g_new0(QCryptoCipher, 1);

crypto/hash.c

+5 −8
Original line number Diff line number Diff line
@@ -48,19 +48,16 @@ int qcrypto_hash_bytesv(QCryptoHashAlgorithm alg, 
{

#ifdef CONFIG_AF_ALG

    int ret;



    /*

     * TODO:

     * Maybe we should treat some afalg errors as fatal

     */

    ret = qcrypto_hash_afalg_driver.hash_bytesv(alg, iov, niov,

                                                result, resultlen,

                                                errp);

                                                NULL);

    if (ret == 0) {

        return ret;

    }



    /*

     * TODO:

     * Maybe we should treat some afalg errors as fatal

     */

    error_free(*errp);

#endif



    return qcrypto_hash_lib_driver.hash_bytesv(alg, iov, niov,

crypto/hmac.c

+1 −3
Original line number Diff line number Diff line
@@ -90,11 +90,10 @@ QCryptoHmac *qcrypto_hmac_new(QCryptoHashAlgorithm alg, 
{

    QCryptoHmac *hmac;

    void *ctx = NULL;

    Error *err2 = NULL;

    QCryptoHmacDriver *drv = NULL;



#ifdef CONFIG_AF_ALG

    ctx = qcrypto_afalg_hmac_ctx_new(alg, key, nkey, &err2);

    ctx = qcrypto_afalg_hmac_ctx_new(alg, key, nkey, NULL);

    if (ctx) {

        drv = &qcrypto_hmac_afalg_driver;

    }
@@ -107,7 +106,6 @@ QCryptoHmac *qcrypto_hmac_new(QCryptoHashAlgorithm alg, 
        }



        drv = &qcrypto_hmac_lib_driver;

        error_free(err2);

    }



    hmac = g_new0(QCryptoHmac, 1);