https://github.com/torvalds/linux
Revision 2b95fda2c4fcb6d6625963f889247538f247fce0 authored by Andrey Ryabinin on 24 November 2016, 13:23:03 UTC, committed by James Morris on 25 November 2016, 01:57:48 UTC
We shouldn't free cert->pub->key in x509_cert_parse() because x509_free_certificate() also does this: BUG: Double free or freeing an invalid pointer ... Call Trace: [<ffffffff81896c20>] dump_stack+0x63/0x83 [<ffffffff81356571>] kasan_object_err+0x21/0x70 [<ffffffff81356ed9>] kasan_report_double_free+0x49/0x60 [<ffffffff813561ad>] kasan_slab_free+0x9d/0xc0 [<ffffffff81350b7a>] kfree+0x8a/0x1a0 [<ffffffff81844fbf>] public_key_free+0x1f/0x30 [<ffffffff818455d4>] x509_free_certificate+0x24/0x90 [<ffffffff818460bc>] x509_cert_parse+0x2bc/0x300 [<ffffffff81846cae>] x509_key_preparse+0x3e/0x330 [<ffffffff818444cf>] asymmetric_key_preparse+0x6f/0x100 [<ffffffff8178bec0>] key_create_or_update+0x260/0x5f0 [<ffffffff8178e6d9>] SyS_add_key+0x199/0x2a0 [<ffffffff821d823b>] entry_SYSCALL_64_fastpath+0x1e/0xad Object at ffff880110bd1900, in cache kmalloc-512 size: 512 .... Freed: PID = 2579 [<ffffffff8104283b>] save_stack_trace+0x1b/0x20 [<ffffffff813558f6>] save_stack+0x46/0xd0 [<ffffffff81356183>] kasan_slab_free+0x73/0xc0 [<ffffffff81350b7a>] kfree+0x8a/0x1a0 [<ffffffff818460a3>] x509_cert_parse+0x2a3/0x300 [<ffffffff81846cae>] x509_key_preparse+0x3e/0x330 [<ffffffff818444cf>] asymmetric_key_preparse+0x6f/0x100 [<ffffffff8178bec0>] key_create_or_update+0x260/0x5f0 [<ffffffff8178e6d9>] SyS_add_key+0x199/0x2a0 [<ffffffff821d823b>] entry_SYSCALL_64_fastpath+0x1e/0xad Fixes: db6c43bd2132 ("crypto: KEYS: convert public key and digsig asym to the akcipher api") Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com> Cc: <stable@vger.kernel.org> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <james.l.morris@oracle.com>
1 parent 16ae16c
Tip revision: 2b95fda2c4fcb6d6625963f889247538f247fce0 authored by Andrey Ryabinin on 24 November 2016, 13:23:03 UTC
X.509: Fix double free in x509_cert_parse() [ver #3]
X.509: Fix double free in x509_cert_parse() [ver #3]
Tip revision: 2b95fda
File | Mode | Size |
---|---|---|
asymmetric_keys | ||
async_tx | ||
.gitignore | -rw-r--r-- | 12 bytes |
842.c | -rw-r--r-- | 2.6 KB |
Kconfig | -rw-r--r-- | 49.0 KB |
Makefile | -rw-r--r-- | 5.0 KB |
ablk_helper.c | -rw-r--r-- | 4.4 KB |
ablkcipher.c | -rw-r--r-- | 12.9 KB |
aead.c | -rw-r--r-- | 10.1 KB |
aes_generic.c | -rw-r--r-- | 62.0 KB |
af_alg.c | -rw-r--r-- | 10.6 KB |
ahash.c | -rw-r--r-- | 14.7 KB |
akcipher.c | -rw-r--r-- | 3.9 KB |
algapi.c | -rw-r--r-- | 21.1 KB |
algboss.c | -rw-r--r-- | 6.3 KB |
algif_aead.c | -rw-r--r-- | 18.8 KB |
algif_hash.c | -rw-r--r-- | 10.4 KB |
algif_rng.c | -rw-r--r-- | 5.2 KB |
algif_skcipher.c | -rw-r--r-- | 21.0 KB |
ansi_cprng.c | -rw-r--r-- | 10.9 KB |
anubis.c | -rw-r--r-- | 27.8 KB |
api.c | -rw-r--r-- | 13.8 KB |
arc4.c | -rw-r--r-- | 3.4 KB |
authenc.c | -rw-r--r-- | 13.9 KB |
authencesn.c | -rw-r--r-- | 15.2 KB |
blkcipher.c | -rw-r--r-- | 15.0 KB |
blowfish_common.c | -rw-r--r-- | 15.7 KB |
blowfish_generic.c | -rw-r--r-- | 3.4 KB |
camellia_generic.c | -rw-r--r-- | 34.9 KB |
cast5_generic.c | -rw-r--r-- | 20.9 KB |
cast6_generic.c | -rw-r--r-- | 9.5 KB |
cast_common.c | -rw-r--r-- | 13.1 KB |
cbc.c | -rw-r--r-- | 7.5 KB |
ccm.c | -rw-r--r-- | 22.7 KB |
chacha20_generic.c | -rw-r--r-- | 3.9 KB |
chacha20poly1305.c | -rw-r--r-- | 19.3 KB |
cipher.c | -rw-r--r-- | 3.3 KB |
cmac.c | -rw-r--r-- | 7.5 KB |
compress.c | -rw-r--r-- | 1.3 KB |
crc32_generic.c | -rw-r--r-- | 3.8 KB |
crc32c_generic.c | -rw-r--r-- | 4.3 KB |
crct10dif_common.c | -rw-r--r-- | 3.6 KB |
crct10dif_generic.c | -rw-r--r-- | 3.2 KB |
cryptd.c | -rw-r--r-- | 28.6 KB |
crypto_engine.c | -rw-r--r-- | 12.2 KB |
crypto_null.c | -rw-r--r-- | 5.3 KB |
crypto_user.c | -rw-r--r-- | 12.6 KB |
crypto_wq.c | -rw-r--r-- | 972 bytes |
ctr.c | -rw-r--r-- | 12.4 KB |
cts.c | -rw-r--r-- | 12.2 KB |
deflate.c | -rw-r--r-- | 5.4 KB |
des_generic.c | -rw-r--r-- | 35.7 KB |
dh.c | -rw-r--r-- | 3.7 KB |
dh_helper.c | -rw-r--r-- | 2.6 KB |
drbg.c | -rw-r--r-- | 56.9 KB |
ecb.c | -rw-r--r-- | 4.9 KB |
ecc.c | -rw-r--r-- | 24.4 KB |
ecc.h | -rw-r--r-- | 3.4 KB |
ecc_curve_defs.h | -rw-r--r-- | 1.5 KB |
ecdh.c | -rw-r--r-- | 3.5 KB |
ecdh_helper.c | -rw-r--r-- | 2.3 KB |
echainiv.c | -rw-r--r-- | 4.6 KB |
fcrypt.c | -rw-r--r-- | 18.0 KB |
fips.c | -rw-r--r-- | 1.6 KB |
gcm.c | -rw-r--r-- | 33.2 KB |
gf128mul.c | -rw-r--r-- | 13.2 KB |
ghash-generic.c | -rw-r--r-- | 3.6 KB |
hash_info.c | -rw-r--r-- | 1.9 KB |
hmac.c | -rw-r--r-- | 6.8 KB |
internal.h | -rw-r--r-- | 4.2 KB |
jitterentropy-kcapi.c | -rw-r--r-- | 6.0 KB |
jitterentropy.c | -rw-r--r-- | 23.9 KB |
keywrap.c | -rw-r--r-- | 12.6 KB |
khazad.c | -rw-r--r-- | 51.8 KB |
kpp.c | -rw-r--r-- | 2.9 KB |
lrw.c | -rw-r--r-- | 9.2 KB |
lz4.c | -rw-r--r-- | 2.5 KB |
lz4hc.c | -rw-r--r-- | 2.6 KB |
lzo.c | -rw-r--r-- | 2.6 KB |
mcryptd.c | -rw-r--r-- | 17.4 KB |
md4.c | -rw-r--r-- | 6.2 KB |
md5.c | -rw-r--r-- | 4.1 KB |
memneq.c | -rw-r--r-- | 6.1 KB |
michael_mic.c | -rw-r--r-- | 3.6 KB |
pcbc.c | -rw-r--r-- | 7.7 KB |
pcrypt.c | -rw-r--r-- | 13.2 KB |
poly1305_generic.c | -rw-r--r-- | 8.0 KB |
proc.c | -rw-r--r-- | 3.0 KB |
ripemd.h | -rw-r--r-- | 974 bytes |
rmd128.c | -rw-r--r-- | 10.2 KB |
rmd160.c | -rw-r--r-- | 12.6 KB |
rmd256.c | -rw-r--r-- | 10.6 KB |
rmd320.c | -rw-r--r-- | 13.1 KB |
rng.c | -rw-r--r-- | 5.0 KB |
rsa-pkcs1pad.c | -rw-r--r-- | 17.6 KB |
rsa.c | -rw-r--r-- | 7.5 KB |
rsa_helper.c | -rw-r--r-- | 4.2 KB |
rsaprivkey.asn1 | -rw-r--r-- | 316 bytes |
rsapubkey.asn1 | -rw-r--r-- | 82 bytes |
salsa20_generic.c | -rw-r--r-- | 6.7 KB |
scatterwalk.c | -rw-r--r-- | 2.2 KB |
seed.c | -rw-r--r-- | 17.4 KB |
seqiv.c | -rw-r--r-- | 5.4 KB |
serpent_generic.c | -rw-r--r-- | 21.2 KB |
sha1_generic.c | -rw-r--r-- | 2.6 KB |
sha256_generic.c | -rw-r--r-- | 11.0 KB |
sha3_generic.c | -rw-r--r-- | 7.0 KB |
sha512_generic.c | -rw-r--r-- | 7.1 KB |
shash.c | -rw-r--r-- | 14.1 KB |
skcipher.c | -rw-r--r-- | 12.0 KB |
tcrypt.c | -rw-r--r-- | 50.8 KB |
tcrypt.h | -rw-r--r-- | 4.3 KB |
tea.c | -rw-r--r-- | 6.6 KB |
testmgr.c | -rw-r--r-- | 90.1 KB |
testmgr.h | -rw-r--r-- | 1.2 MB |
tgr192.c | -rw-r--r-- | 30.5 KB |
twofish_common.c | -rw-r--r-- | 37.8 KB |
twofish_generic.c | -rw-r--r-- | 6.3 KB |
vmac.c | -rw-r--r-- | 18.9 KB |
wp512.c | -rw-r--r-- | 59.8 KB |
xcbc.c | -rw-r--r-- | 7.2 KB |
xor.c | -rw-r--r-- | 4.0 KB |
xts.c | -rw-r--r-- | 8.5 KB |
Computing file changes ...