git.baikalelectronics.ru Git - kernel.git/commit

author	Stephan Mueller <smueller@chronox.de>
	Fri, 8 Dec 2017 10:50:37 +0000 (11:50 +0100)
committer	Herbert Xu <herbert@gondor.apana.org.au>
	Mon, 11 Dec 2017 11:29:55 +0000 (22:29 +1100)
commit	6e49f691edc2e870a5664511f3bc51daa84ef76a
tree	c7ee7f22e25143a15f5ebeef77430dae79efd14a	tree \| snapshot
parent	900c7b9d8d897c85ae57438ae920e5dd10e3beba	commit \| diff

crypto: af_alg - fix race accessing cipher request

When invoking an asynchronous cipher operation, the invocation of the
callback may be performed before the subsequent operations in the
initial code path are invoked. The callback deletes the cipher request
data structure which implies that after the invocation of the
asynchronous cipher operation, this data structure must not be accessed
any more.

The setting of the return code size with the request data structure must
therefore be moved before the invocation of the asynchronous cipher
operation.

Fixes: 32eb147bd351 ("crypto: algif_skcipher - overhaul memory management")
Fixes: 15378202a88e ("crypto: algif_aead - overhaul memory management")
Reported-by: syzbot <syzkaller@googlegroups.com>
Cc: <stable@vger.kernel.org> # v4.14+
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Acked-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto/algif_aead.c		diff \| blob \| history
crypto/algif_skcipher.c		diff \| blob \| history