diff options
| author | Longpeng <longpeng2@huawei.com> | 2017-11-07 19:32:06 +0800 |
|---|---|---|
| committer | Daniel P. Berrange <berrange@redhat.com> | 2017-11-08 11:05:09 +0000 |
| commit | f1710638edb2e98008c2a733ffda63ef32b50411 (patch) | |
| tree | dd031496b39e093d9c05e781381fd8cf25366981 /crypto | |
| parent | b417a7624c67a1544f8b6afe3de1a18fc380746e (diff) | |
| download | qemu-f1710638edb2e98008c2a733ffda63ef32b50411.tar.gz | |
crypto: afalg: fix a NULL pointer dereference
Test-crypto-hash calls qcrypto_hash_bytesv/digest/base64 with
errp=NULL, this will cause a NULL pointer dereference if afalg_driver
doesn't support requested algos:
ret = qcrypto_hash_afalg_driver.hash_bytesv(alg, iov, niov,
result, resultlen,
errp);
if (ret == 0) {
return ret;
}
error_free(*errp); // <--- here
Because the error message is thrown away immediately, we should
just pass NULL to hash_bytesv(). There is also the same problem in
afalg-backend cipher & hmac, let's fix them together.
Reviewed-by: Eric Blake <eblake@redhat.com>
Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Longpeng <longpeng2@huawei.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/cipher.c | 5 | ||||
| -rw-r--r-- | crypto/hash.c | 13 | ||||
| -rw-r--r-- | crypto/hmac.c | 4 |
3 files changed, 7 insertions, 15 deletions
diff --git a/crypto/cipher.c b/crypto/cipher.c index 0aad9d6d79..bcbfb3d5b8 100644 --- a/crypto/cipher.c +++ b/crypto/cipher.c @@ -164,11 +164,10 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg, { QCryptoCipher *cipher; void *ctx = NULL; - Error *err2 = NULL; QCryptoCipherDriver *drv = NULL; #ifdef CONFIG_AF_ALG - ctx = qcrypto_afalg_cipher_ctx_new(alg, mode, key, nkey, &err2); + ctx = qcrypto_afalg_cipher_ctx_new(alg, mode, key, nkey, NULL); if (ctx) { drv = &qcrypto_cipher_afalg_driver; } @@ -177,12 +176,10 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg, if (!ctx) { ctx = qcrypto_cipher_ctx_new(alg, mode, key, nkey, errp); if (!ctx) { - error_free(err2); return NULL; } drv = &qcrypto_cipher_lib_driver; - error_free(err2); } cipher = g_new0(QCryptoCipher, 1); diff --git a/crypto/hash.c b/crypto/hash.c index ac59c63d5f..8dab25d9ea 100644 --- a/crypto/hash.c +++ b/crypto/hash.c @@ -48,19 +48,16 @@ int qcrypto_hash_bytesv(QCryptoHashAlgorithm alg, { #ifdef CONFIG_AF_ALG int ret; - + /* + * TODO: + * Maybe we should treat some afalg errors as fatal + */ ret = qcrypto_hash_afalg_driver.hash_bytesv(alg, iov, niov, result, resultlen, - errp); + NULL); if (ret == 0) { return ret; } - - /* - * TODO: - * Maybe we should treat some afalg errors as fatal - */ - error_free(*errp); #endif return qcrypto_hash_lib_driver.hash_bytesv(alg, iov, niov, diff --git a/crypto/hmac.c b/crypto/hmac.c index 82b0055adf..f6c2d8db60 100644 --- a/crypto/hmac.c +++ b/crypto/hmac.c @@ -90,11 +90,10 @@ QCryptoHmac *qcrypto_hmac_new(QCryptoHashAlgorithm alg, { QCryptoHmac *hmac; void *ctx = NULL; - Error *err2 = NULL; QCryptoHmacDriver *drv = NULL; #ifdef CONFIG_AF_ALG - ctx = qcrypto_afalg_hmac_ctx_new(alg, key, nkey, &err2); + ctx = qcrypto_afalg_hmac_ctx_new(alg, key, nkey, NULL); if (ctx) { drv = &qcrypto_hmac_afalg_driver; } @@ -107,7 +106,6 @@ QCryptoHmac *qcrypto_hmac_new(QCryptoHashAlgorithm alg, } drv = &qcrypto_hmac_lib_driver; - error_free(err2); } hmac = g_new0(QCryptoHmac, 1); |