On Thu, Apr 13, 2017 at 02:14:30PM +0200, Christophe JAILLET wrote: > If 'chcr_alloc_shash()' a few lines above fails, 'base_hash' can be an > error pointer when we 'goto out'. > So checking for NULL here is not enough because it is likely that > 'chcr_free_shash' will crash if we pass an error pointer. > > Signed-off-by: Christophe JAILLET <christophe.jail...@wanadoo.fr> > --- > Another solution, amybe safer, would be to instrument 'chcr_free_shash' or > 'crypto_free_shash' to accept an error pointer and return immediatelly in > such a case. > --- > drivers/crypto/chelsio/chcr_algo.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/crypto/chelsio/chcr_algo.c > b/drivers/crypto/chelsio/chcr_algo.c > index f19590ac8775..41750b97f43c 100644 > --- a/drivers/crypto/chelsio/chcr_algo.c > +++ b/drivers/crypto/chelsio/chcr_algo.c > @@ -2351,7 +2351,7 @@ static int chcr_authenc_setkey(struct crypto_aead > *authenc, const u8 *key, > } > out: > aeadctx->enckey_len = 0; > - if (base_hash) > + if (!IS_ERR_OR_NULL(base_hash)) > chcr_free_shash(base_hash);
Ah... Ok. Fine, but redo the first patch anyway because it shouldn't ever be NULL. regards, dan carpenter
