Commit d4dbe8a7 authored by Pierre's avatar Pierre Committed by Stefan Bader

crypto: ecc - Fix NULL pointer deref. on no default_rng

If crypto_get_default_rng returns an error, the
function ecc_gen_privkey should return an error.
Instead, it currently tries to use the default_rng
nevertheless, thus creating a kernel panic with a
NULL pointer dereference.
Returning the error directly, as was supposedly
intended when looking at the code, fixes this.
Signed-off-by: default avatarPierre Ducroquet <pinaraf@pinaraf.info>
Reviewed-by: default avatarPrasannaKumar Muralidharan <prasannatsmkumar@gmail.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>

CVE-2018-5383

(cherry picked from commit 4c0e22c9)
Signed-off-by: default avatarPaolo Pisati <paolo.pisati@canonical.com>
Acked-by: default avatarStefan Bader <stefan.bader@canonical.com>
Acked-by: default avatarConnor Kuehl <connor.kuehl@canonical.com>
Signed-off-by: default avatarKhalid Elmously <khalid.elmously@canonical.com>
parent dd3579cb
...@@ -964,7 +964,7 @@ int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits, u64 *privkey) ...@@ -964,7 +964,7 @@ int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits, u64 *privkey)
* DRBG with a security strength of 256. * DRBG with a security strength of 256.
*/ */
if (crypto_get_default_rng()) if (crypto_get_default_rng())
err = -EFAULT; return -EFAULT;
err = crypto_rng_get_bytes(crypto_default_rng, (u8 *)priv, nbytes); err = crypto_rng_get_bytes(crypto_default_rng, (u8 *)priv, nbytes);
crypto_put_default_rng(); crypto_put_default_rng();
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment