Commit ce512d79 authored by David Disseldorp's avatar David Disseldorp Committed by Nicholas Bellinger

target/iscsi: avoid NULL dereference in CHAP auth error path

If chap_server_compute_md5() fails early, e.g. via CHAP_N mismatch, then
crypto_free_shash() is called with a NULL pointer which gets
dereferenced in crypto_shash_tfm().

Fixes: 69110e3c ("iscsi-target: Use shash and ahash")
Suggested-by: default avatarMarkus Elfring <elfring@users.sourceforge.net>
Signed-off-by: default avatarDavid Disseldorp <ddiss@suse.de>
Cc: stable@vger.kernel.org # 4.6+
Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
parent 093ec143
...@@ -421,7 +421,8 @@ static int chap_server_compute_md5( ...@@ -421,7 +421,8 @@ static int chap_server_compute_md5(
auth_ret = 0; auth_ret = 0;
out: out:
kzfree(desc); kzfree(desc);
crypto_free_shash(tfm); if (tfm)
crypto_free_shash(tfm);
kfree(challenge); kfree(challenge);
kfree(challenge_binhex); kfree(challenge_binhex);
return auth_ret; return auth_ret;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment