diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2018-01-12 20:47:58 +0300 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2018-01-12 20:47:58 +0300 |
commit | 70cd9071e8fbe5eb88e02891bccfe20ae1f52630 (patch) | |
tree | dbc50cf0619ff7bcd0e2af3caa589719cd444a65 | |
parent | f12e0dd0d7c7a82a66621d8e49fd9ecec0b18e19 (diff) | |
parent | 9a00674213a3f00394f4e3221b88f2d21fc05789 (diff) | |
download | linux-70cd9071e8fbe5eb88e02891bccfe20ae1f52630.tar.xz |
Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Pull crypto fix from Herbert Xu:
"This fixes a NULL pointer dereference in crypto_remove_spawns that can
be triggered through af_alg"
* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
crypto: algapi - fix NULL dereference in crypto_remove_spawns()
-rw-r--r-- | crypto/algapi.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/crypto/algapi.c b/crypto/algapi.c index 60d7366ed343..9a636f961572 100644 --- a/crypto/algapi.c +++ b/crypto/algapi.c @@ -167,6 +167,18 @@ void crypto_remove_spawns(struct crypto_alg *alg, struct list_head *list, spawn->alg = NULL; spawns = &inst->alg.cra_users; + + /* + * We may encounter an unregistered instance here, since + * an instance's spawns are set up prior to the instance + * being registered. An unregistered instance will have + * NULL ->cra_users.next, since ->cra_users isn't + * properly initialized until registration. But an + * unregistered instance cannot have any users, so treat + * it the same as ->cra_users being empty. + */ + if (spawns->next == NULL) + break; } } while ((spawns = crypto_more_spawns(alg, &stack, &top, &secondary_spawns))); |