crypto: drbg - set freed buffers to NULL
commiteea0d3ea75
upstream. During freeing of the internal buffers used by the DRBG, set the pointer to NULL. It is possible that the context with the freed buffers is reused. In case of an error during initialization where the pointers do not yet point to allocated memory, the NULL value prevents a double free. Cc: stable@vger.kernel.org Fixes:3cfc3b9721
("crypto: drbg - use aligned buffers") Signed-off-by: Stephan Mueller <smueller@chronox.de> Reported-by: syzbot+75397ee3df5c70164154@syzkaller.appspotmail.com Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
parent
8970c12ac9
commit
2e2d6f1e78
|
@ -1134,8 +1134,10 @@ static inline void drbg_dealloc_state(struct drbg_state *drbg)
|
|||
if (!drbg)
|
||||
return;
|
||||
kzfree(drbg->Vbuf);
|
||||
drbg->Vbuf = NULL;
|
||||
drbg->V = NULL;
|
||||
kzfree(drbg->Cbuf);
|
||||
drbg->Cbuf = NULL;
|
||||
drbg->C = NULL;
|
||||
kzfree(drbg->scratchpadbuf);
|
||||
drbg->scratchpadbuf = NULL;
|
||||
|
|
Loading…
Reference in New Issue