crypto: af_alg - fix race accessing cipher request
author Stephan Mueller <smueller@chronox.de>
Fri, 8 Dec 2017 10:50:37 +0000 (11:50 +0100)
committer Herbert Xu <herbert@gondor.apana.org.au>
Mon, 11 Dec 2017 11:29:55 +0000 (22:29 +1100)
commit d53c5135792319e095bb126bc43b2ee98586f7fe
tree c7ee7f22e25143a15f5ebeef77430dae79efd14a
parent 9abffc6f2efe46c3564c04312e52e07622d40e51
crypto: af_alg - fix race accessing cipher request

When invoking an asynchronous cipher operation, the invocation of the
callback may be performed before the subsequent operations in the
initial code path are invoked. The callback deletes the cipher request
data structure which implies that after the invocation of the
asynchronous cipher operation, this data structure must not be accessed
any more.

The setting of the return code size with the request data structure must
therefore be moved before the invocation of the asynchronous cipher
operation.

Fixes: e870456d8e7c ("crypto: algif_skcipher - overhaul memory management")
Fixes: d887c52d6ae4 ("crypto: algif_aead - overhaul memory management")
Reported-by: syzbot <syzkaller@googlegroups.com>
Cc: <stable@vger.kernel.org> # v4.14+
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Acked-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto/algif_aead.c
crypto/algif_skcipher.c
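
The ordering problem the commit message describes, modelled in user space as an added example (this is not the kernel code from this commit). `model_req`, `recv_model` and every other name are hypothetical, and releasing the request is simulated with a `live` flag so that a store to a released request is counted instead of corrupting memory.

```c
#include <stdio.h>
/* User-space model of the ordering bug; every name here is hypothetical. */
struct model_req {
    size_t outlen;  /* result size the completion callback reports */
    int live;       /* cleared when the callback releases the request */
};

static size_t reported_len;  /* size the callback delivered */
static int stale_accesses;   /* stores to an already released request */

/* Completion callback: reports outlen, then releases the request. */
static void model_complete(struct model_req *req)
{
    reported_len = req->outlen;
    req->live = 0;  /* stands in for freeing the request */
}

/* Guarded store: counts a use-after-release instead of corrupting memory. */
static void set_outlen(struct model_req *req, size_t len)
{
    if (!req->live) { stale_accesses++; return; }
    req->outlen = len;
}

/* Async submit: with early != 0 the callback runs before submit returns. */
static void model_submit(struct model_req *req, int early) { if (early) model_complete(req); }

/* fixed == 0 stores outlen after submission (racy), fixed != 0 before it.
 * Returns the number of stores that hit a released request. */
static int recv_model(size_t len, int early, int fixed)
{
    struct model_req req = { 0, 1 };
    stale_accesses = 0; reported_len = 0;
    if (fixed) set_outlen(&req, len);
    model_submit(&req, early);
    if (!fixed) set_outlen(&req, len);
    if (req.live) model_complete(&req);  /* callback arriving late */
    return stale_accesses;
}

int main(void)
{
    for (int i = 0; i < 4; i++) {
        int stale = recv_model(16, i & 1, i >> 1);
        printf("fixed=%d early=%d stale=%d reported=%zu\n", i >> 1, i & 1, stale, reported_len);
    }
    return 0;
}
```

Only the combination of the racy ordering with an early callback records a stale store and a reported size of 0; with the size set before submission, the callback timing no longer matters.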