Skip to content

Commit eea0d3e

Browse files
smuellerDDherbertx
smuellerDD
authored and
herbertx
committed
crypto: drbg - set freed buffers to NULL
During freeing of the internal buffers used by the DRBG, set the pointer to NULL. It is possible that the context with the freed buffers is reused. In case of an error during initialization where the pointers do not yet point to allocated memory, the NULL value prevents a double free. Cc: stable@vger.kernel.org Fixes: 3cfc3b9 ("crypto: drbg - use aligned buffers") Signed-off-by: Stephan Mueller <smueller@chronox.de> Reported-by: syzbot+75397ee3df5c70164154@syzkaller.appspotmail.com Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
1 parent b346e49 commit eea0d3e

File tree

1 file changed

+2
-0
lines changed

1 file changed

+2
-0
lines changed

crypto/drbg.c

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1134,8 +1134,10 @@ static inline void drbg_dealloc_state(struct drbg_state *drbg)
11341134
if (!drbg)
11351135
return;
11361136
kzfree(drbg->Vbuf);
1137+
drbg->Vbuf = NULL;
11371138
drbg->V = NULL;
11381139
kzfree(drbg->Cbuf);
1140+
drbg->Cbuf = NULL;
11391141
drbg->C = NULL;
11401142
kzfree(drbg->scratchpadbuf);
11411143
drbg->scratchpadbuf = NULL;

0 commit comments

Comments
 (0)