android_kernel_samsung_msm8976/crypto
Eric Biggers 79c5ab8739 crypto: algapi - fix NULL dereference in crypto_remove_spawns()
commit 9a00674213a3f00394f4e3221b88f2d21fc05789 upstream.

syzkaller triggered a NULL pointer dereference in crypto_remove_spawns()
via a program that repeatedly and concurrently requests AEADs
"authenc(cmac(des3_ede-asm),pcbc-aes-aesni)" and hashes "cmac(des3_ede)"
through AF_ALG, where the hashes are requested as "untested"
(CRYPTO_ALG_TESTED is set in ->salg_mask but clear in ->salg_feat; this
causes the template to be instantiated for every request).

Although AF_ALG users really shouldn't be able to request an "untested"
algorithm, the NULL pointer dereference is actually caused by a
longstanding race condition where crypto_remove_spawns() can encounter
an instance which has had spawn(s) "grabbed" but hasn't yet been
registered, resulting in ->cra_users still being NULL.

We probably should properly initialize ->cra_users earlier, but that
would require updating many templates individually.  For now just fix
the bug in a simple way that can easily be backported: make
crypto_remove_spawns() treat a NULL ->cra_users list as empty.

Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
2019-07-27 21:46:25 +02:00
..
asymmetric_keys crypto: crypto_memneq - add equality testing of memory regions w/o timing leaks 2019-07-27 21:42:52 +02:00
async_tx
842.c crypto: prefix module autoloading with "crypto-" 2015-01-29 17:40:57 -08:00
ablk_helper.c crypto: ablk_helper - Replace memcpy with struct assignment 2015-03-19 14:52:28 -07:00
ablkcipher.c crypto: skcipher - Add crypto_skcipher_has_setkey 2019-07-27 21:42:06 +02:00
aead.c
aes_generic.c crypto: add missing crypto module aliases 2015-01-29 17:40:57 -08:00
af_alg.c crypto: af_alg - Forbid bind(2) when nokey child sockets are present 2019-07-27 21:42:08 +02:00
ahash.c crypto: hash - Add crypto_ahash_has_setkey 2019-07-27 21:42:05 +02:00
algapi.c crypto: algapi - fix NULL dereference in crypto_remove_spawns() 2019-07-27 21:46:25 +02:00
algboss.c
algif_hash.c crypto: algif_hash - avoid zero-sized array 2019-07-27 21:44:05 +02:00
algif_skcipher.c crypto: AF_ALG - remove SGL terminator indicator when chaining 2019-07-27 21:44:42 +02:00
ansi_cprng.c crypto: add missing crypto module aliases 2015-01-29 17:40:57 -08:00
anubis.c crypto: prefix module autoloading with "crypto-" 2015-01-29 17:40:57 -08:00
api.c crypto: api - Only abort operations on fatal signal 2015-11-09 10:12:59 -08:00
arc4.c crypto: prefix module autoloading with "crypto-" 2015-01-29 17:40:57 -08:00
authenc.c crypto: crypto_memneq - add equality testing of memory regions w/o timing leaks 2019-07-27 21:42:52 +02:00
authencesn.c crypto: crypto_memneq - add equality testing of memory regions w/o timing leaks 2019-07-27 21:42:52 +02:00
blkcipher.c crypto: skcipher - Fix blkcipher walk OOM crash 2019-07-27 21:42:09 +02:00
blowfish_common.c
blowfish_generic.c crypto: add missing crypto module aliases 2015-01-29 17:40:57 -08:00
camellia_generic.c crypto: add missing crypto module aliases 2015-01-29 17:40:57 -08:00
cast5_generic.c crypto: add missing crypto module aliases 2015-01-29 17:40:57 -08:00
cast6_generic.c crypto: add missing crypto module aliases 2015-01-29 17:40:57 -08:00
cast_common.c
cbc.c crypto: include crypto- module prefix in template 2015-01-29 17:40:57 -08:00
ccm.c crypto: crypto_memneq - add equality testing of memory regions w/o timing leaks 2019-07-27 21:42:52 +02:00
chainiv.c This is the 3.10.67 stable release 2015-04-24 18:04:40 -07:00
cipher.c
cmac.c crypto: include crypto- module prefix in template 2015-01-29 17:40:57 -08:00
compress.c
crc32.c crypto: prefix module autoloading with "crypto-" 2015-01-29 17:40:57 -08:00
crc32c.c crypto: crc32c - add missing crypto module alias 2015-02-11 14:48:18 +08:00
cryptd.c crypto: cryptd - Assign statesize properly 2019-07-27 21:44:03 +02:00
crypto_null.c crypto: prefix module autoloading with "crypto-" 2015-01-29 17:40:57 -08:00
crypto_user.c crypto: user - lock crypto_alg_list on alg dump 2016-02-19 14:22:41 -08:00
crypto_wq.c
ctr.c crypto: include crypto- module prefix in template 2015-01-29 17:40:57 -08:00
cts.c crypto: include crypto- module prefix in template 2015-01-29 17:40:57 -08:00
deflate.c crypto: prefix module autoloading with "crypto-" 2015-01-29 17:40:57 -08:00
des_generic.c crypto: add missing crypto module aliases 2015-01-29 17:40:57 -08:00
ecb.c crypto: include crypto- module prefix in template 2015-01-29 17:40:57 -08:00
eseqiv.c crypto: include crypto- module prefix in template 2015-01-29 17:40:57 -08:00
fcrypt.c crypto: prefix module autoloading with "crypto-" 2015-01-29 17:40:57 -08:00
fips.c
gcm.c crypto: gcm - wait for crypto op not signal safe 2019-07-27 21:44:48 +02:00
gf128mul.c
ghash-generic.c crypto: add missing crypto module aliases 2015-01-29 17:40:57 -08:00
hmac.c crypto: hmac - require that the underlying hash algorithm is unkeyed 2019-07-27 21:45:46 +02:00
internal.h
Kconfig arm: crypto: Add optimized SHA-256/224 2015-09-16 18:20:15 +05:30
khazad.c crypto: prefix module autoloading with "crypto-" 2015-01-29 17:40:57 -08:00
krng.c crypto: add missing crypto module aliases 2015-01-29 17:40:57 -08:00
lrw.c crypto: include crypto- module prefix in template 2015-01-29 17:40:57 -08:00
lzo.c crypto: prefix module autoloading with "crypto-" 2015-01-29 17:40:57 -08:00
Makefile crypto: improve gcc optimization flags for serpent and wp512 2019-07-27 21:43:58 +02:00
md4.c crypto: prefix module autoloading with "crypto-" 2015-01-29 17:40:57 -08:00
md5.c crypto: prefix module autoloading with "crypto-" 2015-01-29 17:40:57 -08:00
memneq.c crypto: crypto_memneq - add equality testing of memory regions w/o timing leaks 2019-07-27 21:42:52 +02:00
michael_mic.c crypto: prefix module autoloading with "crypto-" 2015-01-29 17:40:57 -08:00
pcbc.c crypto: include crypto- module prefix in template 2015-01-29 17:40:57 -08:00
pcompress.c
pcrypt.c crypto: include crypto- module prefix in template 2015-01-29 17:40:57 -08:00
proc.c
ripemd.h
rmd128.c crypto: prefix module autoloading with "crypto-" 2015-01-29 17:40:57 -08:00
rmd160.c crypto: prefix module autoloading with "crypto-" 2015-01-29 17:40:57 -08:00
rmd256.c crypto: prefix module autoloading with "crypto-" 2015-01-29 17:40:57 -08:00
rmd320.c crypto: prefix module autoloading with "crypto-" 2015-01-29 17:40:57 -08:00
rng.c
salsa20_generic.c crypto: salsa20 - fix blkcipher_walk API usage 2019-07-27 21:45:46 +02:00
scatterwalk.c crypto: scatterwalk - Fix test in scatterwalk_done 2019-07-27 21:41:53 +02:00
seed.c crypto: prefix module autoloading with "crypto-" 2015-01-29 17:40:57 -08:00
seqiv.c crypto: include crypto- module prefix in template 2015-01-29 17:40:57 -08:00
serpent_generic.c crypto: add missing crypto module aliases 2015-01-29 17:40:57 -08:00
sha1_generic.c crypto: add missing crypto module aliases 2015-01-29 17:40:57 -08:00
sha256_generic.c crypto: add missing crypto module aliases 2015-01-29 17:40:57 -08:00
sha512_generic.c crypto: add missing crypto module aliases 2015-01-29 17:40:57 -08:00
shash.c crypto: hmac - require that the underlying hash algorithm is unkeyed 2019-07-27 21:45:46 +02:00
tcrypt.c
tcrypt.h
tea.c crypto: add missing crypto module aliases 2015-01-29 17:40:57 -08:00
testmgr.c
testmgr.h
tgr192.c crypto: add missing crypto module aliases 2015-01-29 17:40:57 -08:00
twofish_common.c
twofish_generic.c crypto: add missing crypto module aliases 2015-01-29 17:40:57 -08:00
vmac.c crypto: include crypto- module prefix in template 2015-01-29 17:40:57 -08:00
wp512.c crypto: add missing crypto module aliases 2015-01-29 17:40:57 -08:00
xcbc.c crypto: include crypto- module prefix in template 2015-01-29 17:40:57 -08:00
xor.c
xts.c crypto: include crypto- module prefix in template 2015-01-29 17:40:57 -08:00
zlib.c crypto: prefix module autoloading with "crypto-" 2015-01-29 17:40:57 -08:00