[Drbd-dev] [PATCH 1/2] block: drbd: Fix a possible null-pointer dereference in receive_protocol()
Roland Kammerer
roland.kammerer at linbit.com
Wed Jul 24 13:48:39 CEST 2019
On Wed, Jul 24, 2019 at 11:49:16AM +0800, Jia-Ju Bai wrote:
> In receive_protocol(), when crypto_alloc_shash() on line 3754 fails,
> peer_integrity_tfm is NULL, and error handling code is executed.
> In this code, crypto_free_shash() is called with NULL, which can cause a
> null-pointer dereference, because:
> crypto_free_shash(NULL)
> crypto_ahash_tfm(NULL)
> "return &NULL->base"
>
> To fix this bug, peer_integrity_tfm is checked before calling
> crypto_free_shash().
>
> This bug is found by a static analysis tool STCheck written by us.
>
> Signed-off-by: Jia-Ju Bai <baijiaju1990 at gmail.com>
Reviewed-by: Roland Kammerer <roland.kammerer at linbit.com>
More information about the drbd-dev
mailing list