From af2e53f62c0aae6cd18c5e450977711d16b1cedb Mon Sep 17 00:00:00 2001
From: Richard Yao <richard.yao@alumni.stonybrook.edu>
Date: Mon, 17 Oct 2022 02:06:40 -0400
Subject: [PATCH] Fix possible NULL pointer dereference in sha2_mac_init()

If mechanism->cm_param is NULL, passing mechanism to
PROV_SHA2_GET_DIGEST_LEN() will dereference a NULL pointer.

Coverity reported this.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu>
Closes #14044
---
 module/icp/io/sha2_mod.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/module/icp/io/sha2_mod.c b/module/icp/io/sha2_mod.c
index d690cd0bcb..f3125ad845 100644
--- a/module/icp/io/sha2_mod.c
+++ b/module/icp/io/sha2_mod.c
@@ -823,12 +823,15 @@ sha2_mac_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
 	 */
 	if (mechanism->cm_type % 3 == 2) {
 		if (mechanism->cm_param == NULL ||
-		    mechanism->cm_param_len != sizeof (ulong_t))
-			ret = CRYPTO_MECHANISM_PARAM_INVALID;
-		PROV_SHA2_GET_DIGEST_LEN(mechanism,
-		    PROV_SHA2_HMAC_CTX(ctx)->hc_digest_len);
-		if (PROV_SHA2_HMAC_CTX(ctx)->hc_digest_len > sha_digest_len)
+		    mechanism->cm_param_len != sizeof (ulong_t)) {
 			ret = CRYPTO_MECHANISM_PARAM_INVALID;
+		} else {
+			PROV_SHA2_GET_DIGEST_LEN(mechanism,
+			    PROV_SHA2_HMAC_CTX(ctx)->hc_digest_len);
+			if (PROV_SHA2_HMAC_CTX(ctx)->hc_digest_len >
+			    sha_digest_len)
+				ret = CRYPTO_MECHANISM_PARAM_INVALID;
+		}
 	}
 
 	if (ret != CRYPTO_SUCCESS) {