mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-16 07:35:14 +00:00
Code Issues Releases Wiki Activity

target/iscsi: avoid NULL dereference in CHAP auth error path

Browse source 
commit ce512d79d0 upstream.

If chap_server_compute_md5() fails early, e.g. via CHAP_N mismatch, then
crypto_free_shash() is called with a NULL pointer which gets
dereferenced in crypto_shash_tfm().

Fixes: 69110e3ced ("iscsi-target: Use shash and ahash")
Suggested-by: Markus Elfring <elfring@users.sourceforge.net>
Signed-off-by: David Disseldorp <ddiss@suse.de>
Cc: stable@vger.kernel.org # 4.6+
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
David Disseldorp 2017-12-13 18:22:30 +01:00 committed by Greg Kroah-Hartman
parent 0528a533f3
commit 4cbb9fdf13
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
drivers/target/iscsi/iscsi_target_auth.c
View file

@ -421,7 +421,8 @@ static int chap_server_compute_md5(
auth_ret = 0;
out:
kzfree(desc);
crypto_free_shash(tfm);
if (tfm)
crypto_free_shash(tfm);
kfree(challenge);
kfree(challenge_binhex);
return auth_ret;