crypto: afalg: fix a NULL pointer dereference

Test-crypto-hash calls qcrypto_hash_bytesv/digest/base64 with errp=NULL, this will cause a NULL pointer dereference if afalg_driver doesn't support requested algos: ret = qcrypto_hash_afalg_driver.hash_bytesv(alg, iov, niov, result, resultlen, errp); if (ret == 0) { return ret; } error_free(*errp); // <--- here Because the error message is thrown away immediately, we should just pass NULL to hash_bytesv(). There is also the same problem in afalg-backend cipher & hmac, let's fix them together. Reviewed-by: Eric Blake <eblake@redhat.com> Reported-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Longpeng <longpeng2@huawei.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-11-07 19:32:06 +08:00 · 2017-11-07 19:32:06 +08:00 · f1710638ed
commit f1710638ed
parent b417a7624c
3 changed files with 8 additions and 16 deletions
--- a/crypto/cipher.c
+++ b/crypto/cipher.c
@ -164,11 +164,10 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
 {
    QCryptoCipher *cipher;
    void *ctx = NULL;
-    Error *err2 = NULL;
    QCryptoCipherDriver *drv = NULL;

 #ifdef CONFIG_AF_ALG
-    ctx = qcrypto_afalg_cipher_ctx_new(alg, mode, key, nkey, &err2);
+    ctx = qcrypto_afalg_cipher_ctx_new(alg, mode, key, nkey, NULL);
    if (ctx) {
        drv = &qcrypto_cipher_afalg_driver;
    }
@ -177,12 +176,10 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
    if (!ctx) {
        ctx = qcrypto_cipher_ctx_new(alg, mode, key, nkey, errp);
        if (!ctx) {
-            error_free(err2);
            return NULL;
        }

        drv = &qcrypto_cipher_lib_driver;
-        error_free(err2);
    }

    cipher = g_new0(QCryptoCipher, 1);
--- a/crypto/hash.c
+++ b/crypto/hash.c
@ -48,19 +48,16 @@ int qcrypto_hash_bytesv(QCryptoHashAlgorithm alg,
 {
 #ifdef CONFIG_AF_ALG
    int ret;
-
-    ret = qcrypto_hash_afalg_driver.hash_bytesv(alg, iov, niov,
-                                                result, resultlen,
-                                                errp);
-    if (ret == 0) {
-        return ret;
-    }
-
    /*
     * TODO:
     * Maybe we should treat some afalg errors as fatal
     */
-    error_free(*errp);
+    ret = qcrypto_hash_afalg_driver.hash_bytesv(alg, iov, niov,
+                                                result, resultlen,
+                                                NULL);
+    if (ret == 0) {
+        return ret;
+    }
 #endif

    return qcrypto_hash_lib_driver.hash_bytesv(alg, iov, niov,
--- a/crypto/hmac.c
+++ b/crypto/hmac.c
@ -90,11 +90,10 @@ QCryptoHmac *qcrypto_hmac_new(QCryptoHashAlgorithm alg,
 {
    QCryptoHmac *hmac;
    void *ctx = NULL;
-    Error *err2 = NULL;
    QCryptoHmacDriver *drv = NULL;

 #ifdef CONFIG_AF_ALG
-    ctx = qcrypto_afalg_hmac_ctx_new(alg, key, nkey, &err2);
+    ctx = qcrypto_afalg_hmac_ctx_new(alg, key, nkey, NULL);
    if (ctx) {
        drv = &qcrypto_hmac_afalg_driver;
    }
@ -107,7 +106,6 @@ QCryptoHmac *qcrypto_hmac_new(QCryptoHashAlgorithm alg,
        }

        drv = &qcrypto_hmac_lib_driver;
-        error_free(err2);
    }

    hmac = g_new0(QCryptoHmac, 1);