staging: ccree: NULLify backup_info when unused

backup_info field is only allocated for decrypt code path.
The field was not nullified when not used causing a kfree
in an error handling path to attempt to free random
addresses as uncovered in stress testing.

Fixes: 737aed947f9b ("staging: ccree: save ciphertext for CTS IV")
Cc: stable@vger.kernel.org
Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/staging/ccree/ssi_cipher.c b/drivers/staging/ccree/ssi_cipher.c
index 901961553e5fc49354fa0348452170aba9210bdf..7b484f111d12dd5a728881270da33ada7ed51a1f 100644 (file)
--- a/drivers/staging/ccree/ssi_cipher.c
+++ b/drivers/staging/ccree/ssi_cipher.c
@@ -907,6 +907,7 @@ static int ssi_ablkcipher_encrypt(struct ablkcipher_request *req)
        unsigned int ivsize = crypto_ablkcipher_ivsize(ablk_tfm);
 
        req_ctx->is_giv = false;
+       req_ctx->backup_info = NULL;
 
        return ssi_blkcipher_process(tfm, req_ctx, req->dst, req->src,
                                     req->nbytes, req->info, ivsize,