iscsi: avoid NULL dereference in CHAP auth error path

Greg Kroah-Hartman Wed, 21 Feb 2018 05:13:11 -0800

4.15-stable review patch.  If anyone has any objections, please let me know.


------------------

From: David Disseldorp <dd...@suse.de>

commit ce512d79d0466a604793addb6b769d12ee326822 upstream.

If chap_server_compute_md5() fails early, e.g. via CHAP_N mismatch, then
crypto_free_shash() is called with a NULL pointer which gets
dereferenced in crypto_shash_tfm().

Fixes: 69110e3cedbb ("iscsi-target: Use shash and ahash")
Suggested-by: Markus Elfring <elfr...@users.sourceforge.net>
Signed-off-by: David Disseldorp <dd...@suse.de>
Cc: sta...@vger.kernel.org # 4.6+
Signed-off-by: Nicholas Bellinger <n...@linux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org>

---
 drivers/target/iscsi/iscsi_target_auth.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/drivers/target/iscsi/iscsi_target_auth.c
+++ b/drivers/target/iscsi/iscsi_target_auth.c
@@ -421,7 +421,8 @@ static int chap_server_compute_md5(
        auth_ret = 0;
 out:
        kzfree(desc);
-       crypto_free_shash(tfm);
+       if (tfm)
+               crypto_free_shash(tfm);
        kfree(challenge);
        kfree(challenge_binhex);
        return auth_ret;

[PATCH 4.15 132/163] target/iscsi: avoid NULL dereference in CHAP auth error path

Reply via email to