Archive-Team
/
zfs
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 103 Wiki Activity

Fix possible NULL pointer dereference in sha2_mac_init() 

If mechanism->cm_param is NULL, passing mechanism to
PROV_SHA2_GET_DIGEST_LEN() will dereference a NULL pointer.

Coverity reported this.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu>
Closes #14044
This commit is contained in:
Richard Yao 2022-10-17 02:06:40 -04:00 committed by Tony Hutter
parent 89c41f3979
commit af2e53f62c
1 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
module/icp/io/sha2_mod.c
View File

@ -823,13 +823,16 @@ sha2_mac_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
*/ */
if (mechanism->cm_type % 3 == 2) { if (mechanism->cm_type % 3 == 2) {
if (mechanism->cm_param == NULL || if (mechanism->cm_param == NULL ||
mechanism->cm_param_len != sizeof (ulong_t)) mechanism->cm_param_len != sizeof (ulong_t)) {
ret = CRYPTO_MECHANISM_PARAM_INVALID; ret = CRYPTO_MECHANISM_PARAM_INVALID;
} else {
PROV_SHA2_GET_DIGEST_LEN(mechanism, PROV_SHA2_GET_DIGEST_LEN(mechanism,
PROV_SHA2_HMAC_CTX(ctx)->hc_digest_len); PROV_SHA2_HMAC_CTX(ctx)->hc_digest_len);
if (PROV_SHA2_HMAC_CTX(ctx)->hc_digest_len > sha_digest_len) if (PROV_SHA2_HMAC_CTX(ctx)->hc_digest_len >
sha_digest_len)
ret = CRYPTO_MECHANISM_PARAM_INVALID; ret = CRYPTO_MECHANISM_PARAM_INVALID;
} }
}
if (ret != CRYPTO_SUCCESS) { if (ret != CRYPTO_SUCCESS) {
bzero(ctx->cc_provider_private, sizeof (sha2_hmac_ctx_t)); bzero(ctx->cc_provider_private, sizeof (sha2_hmac_ctx_t));