Google Git
Sign in
android / kernel / common / d3ad023a39f1127dcfd331c562673355dc078650
commitd3ad023a39f1127dcfd331c562673355dc078650[log] [tgz]
authorMark O'Donovan <[email protected]>Fri Aug 04 09:32:18 2023 +0000
committerGreg Kroah-Hartman <[email protected]>Sat Sep 23 11:11:02 2023 +0200
tree5baa6fbe71d64ae99baf2ce8cbc90aa83835a6f1
parente5d94c98a72f5f8047facb290d3af748fe86b461 [diff]
crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui()

[ Upstream commit 9e47a758b70167c9301d2b44d2569f86c7796f2d ]

During NVMeTCP Authentication a controller can trigger a kernel
oops by specifying the 8192 bit Diffie Hellman group and passing
a correctly sized, but zeroed Diffie Hellamn value.
mpi_cmp_ui() was detecting this if the second parameter was 0,
but 1 is passed from dh_is_pubkey_valid(). This causes the null
pointer u->d to be dereferenced towards the end of mpi_cmp_ui()

Signed-off-by: Mark O'Donovan <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
1 file changed
tree: 5baa6fbe71d64ae99baf2ce8cbc90aa83835a6f1
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. fs/
  8. include/
  9. init/
  10. io_uring/
  11. ipc/
  12. kernel/
  13. lib/
  14. LICENSES/
  15. mm/
  16. net/
  17. rust/
  18. samples/
  19. scripts/
  20. security/
  21. sound/
  22. tools/
  23. usr/
  24. virt/
  25. .clang-format
  26. .cocciconfig
  27. .get_maintainer.ignore
  28. .gitattributes
  29. .gitignore
  30. .mailmap
  31. .rustfmt.toml
  32. COPYING
  33. CREDITS
  34. Kbuild
  35. Kconfig
  36. MAINTAINERS
  37. Makefile
  38. README