authorLinus Torvalds <torvalds@linux-foundation.org>2018-01-12 20:47:58 +0300
committerLinus Torvalds <torvalds@linux-foundation.org>2018-01-12 20:47:58 +0300
commit70cd9071e8fbe5eb88e02891bccfe20ae1f52630 (patch)
treedbc50cf0619ff7bcd0e2af3caa589719cd444a65
parentf12e0dd0d7c7a82a66621d8e49fd9ecec0b18e19 (diff)
parent9a00674213a3f00394f4e3221b88f2d21fc05789 (diff)
Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Pull crypto fix from Herbert Xu: "This fixes a NULL pointer dereference in crypto_remove_spawns that can be triggered through af_alg" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: algapi - fix NULL dereference in crypto_remove_spawns()
-rw-r--r--crypto/algapi.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/crypto/algapi.c b/crypto/algapi.c
index 60d7366ed343..9a636f961572 100644
--- a/crypto/algapi.c
+++ b/crypto/algapi.c
@@ -167,6 +167,18 @@ void crypto_remove_spawns(struct crypto_alg *alg, struct list_head *list,
spawn->alg = NULL;
spawns = &inst->alg.cra_users;
+
+ /*
+ * We may encounter an unregistered instance here, since
+ * an instance's spawns are set up prior to the instance
+ * being registered. An unregistered instance will have
+ * NULL ->cra_users.next, since ->cra_users isn't
+ * properly initialized until registration. But an
+ * unregistered instance cannot have any users, so treat
+ * it the same as ->cra_users being empty.
+ */
+ if (spawns->next == NULL)
+ break;
}
} while ((spawns = crypto_more_spawns(alg, &stack, &top,
&secondary_spawns)));
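Review bot: The added `if (spawns->next == NULL)` guard only works if an unregistered instance's `->cra_users` is zero-filled, and nothing in this hunk enforces or documents that allocation requirement. If a template ever allocated its instance without zeroing it, `->next` would hold garbage, the check would not fire, and the loop would presumably go on to walk that pointer; the merge description says this path is reachable through af_alg. I would state the dependency in the comment, for example by appending `* This relies on templates zero-allocating their instances.`, and consider initialising `->cra_users` where the instance is created so an ordinary empty-list test covers this case. The enclosing `while` loop and the allocation and registration code are outside the hunk, so the zero-allocation assumption should be confirmed there.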