crypto: drbg - set freed buffers to NULL

During freeing of the internal buffers used by the DRBG, set the pointer to NULL. It is possible that the context with the freed buffers is reused. In case of an error during initialization where the pointers do not yet point to allocated memory, the NULL value prevents a double free. Cc: stable@vger.kernel.org Fixes: faba028f3f7b4 ("crypto: drbg - use aligned buffers") Signed-off-by: Stephan Mueller <smueller@chronox.de> Reported-by: syzbot+75397ee3df5c70164154@syzkaller.appspotmail.com Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
author: Stephan Mueller <smueller@chronox.de> 2018-04-12 08:40:55 +0200
committer: Herbert Xu <herbert@gondor.apana.org.au> 2018-04-21 00:57:00 +0800
commit: ef734472771a62ae9f901367a40a89382a991917 (patch)
tree: fb78e31032dcca2fcb0e9123cf11be12728f99c5 /crypto
parent: fca38aeffeb10dc2282ba84720092c6224dd53a8 (diff)
download: linux-crypto-ef734472771a62ae9f901367a40a89382a991917.tar.gz
linux-crypto-ef734472771a62ae9f901367a40a89382a991917.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/crypto/drbg.c b/crypto/drbg.c
index 4faa2781..466a112a 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -1134,8 +1134,10 @@ static inline void drbg_dealloc_state(struct drbg_state *drbg)
 	if (!drbg)
 		return;
 	kzfree(drbg->Vbuf);
+	drbg->Vbuf = NULL;
 	drbg->V = NULL;
 	kzfree(drbg->Cbuf);
+	drbg->Cbuf = NULL;
 	drbg->C = NULL;
 	kzfree(drbg->scratchpadbuf);
 	drbg->scratchpadbuf = NULL;
author	Stephan Mueller <smueller@chronox.de>	2018-04-12 08:40:55 +0200
committer	Herbert Xu <herbert@gondor.apana.org.au>	2018-04-21 00:57:00 +0800
commit	ef734472771a62ae9f901367a40a89382a991917 (patch)
tree	fb78e31032dcca2fcb0e9123cf11be12728f99c5 /crypto
parent	fca38aeffeb10dc2282ba84720092c6224dd53a8 (diff)
download	linux-crypto-ef734472771a62ae9f901367a40a89382a991917.tar.gz linux-crypto-ef734472771a62ae9f901367a40a89382a991917.zip