Re: [PATCH] crypto: algif_hash - fix double free in hash_accept

From: Herbert Xu
Date: Mon May 19 2025 - 02:04:38 EST

Next message: Herbert Xu: "Re: [PATCH] padata: do not leak refcount in reorder_work"
Previous message: Herbert Xu: "Re: [PATCH v2 0/2] crypto: octeontx2: Changes related to LMTST memory"
In reply to: Ivan Pravdin: "[PATCH] crypto: algif_hash - fix double free in hash_accept"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, May 18, 2025 at 06:41:02PM -0400, Ivan Pravdin wrote:
> If accept(2) is called on socket type algif_hash with
> MSG_MORE flag set and crypto_ahash_import fails,
> sk2 is freed. However, it is also freed in af_alg_release,
> leading to slab-use-after-free error.
>
> Fixes: fe869cdb89c9 ("crypto: algif_hash - User-space interface for hash operations")
> Signed-off-by: Ivan Pravdin <ipravdin.official@xxxxxxxxx>
> ---
> crypto/algif_hash.c | 4 ----
> 1 file changed, 4 deletions(-)

Patch applied. Thanks.
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Next message: Herbert Xu: "Re: [PATCH] padata: do not leak refcount in reorder_work"
Previous message: Herbert Xu: "Re: [PATCH v2 0/2] crypto: octeontx2: Changes related to LMTST memory"
In reply to: Ivan Pravdin: "[PATCH] crypto: algif_hash - fix double free in hash_accept"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]