From: Julia Lawall <julia@diku.dk>
To: Lars Ellenberg <drbd-dev@lists.linbit.com>
Cc: kernel-janitors@vger.kernel.org, drbd-user@lists.linbit.com,
	linux-kernel@vger.kernel.org
Subject: [PATCH] drivers/block/drbd: add NULL test around call to crypto_free_hash
Date: Mon, 31 Jan 2011 18:51:03 +0100
Message-ID: <1296496263-16362-1-git-send-email-julia@diku.dk>

crypto_free_hash calls the function crypto_hash_tfm and then
crypto_free_tfm on the result.  crypto_free_tfm calls crypto_destroy_tfm,
which tests this result for NULL and then dereferences it.  crypto_hash_tfm
returns &tfm->base where tfm is its argument.  base is actually the first
and only field of a crypto_hash-typed structure, so perhaps one can rely on
it to return NULL for a NULL value of tfm.  But most calls to
crypto_hash_tfm where the argument might be NULL don't rely on this
property and test for NULL explicitly.

The semantic match that finds this problem is as follows:
(http://coccinelle.lip6.fr/)

// <smpl>
@safe@
position p;
expression x;
@@

if (x) { <+... crypto_free_hash@p(x) ...+> }

@@
expression x;
position p!=safe.p;
@@

*x = NULL
...
*crypto_free_hash@p(x)
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>

---
 drivers/block/drbd/drbd_nl.c       |   18 ++++++++++++------
 drivers/block/drbd/drbd_receiver.c |    6 ++++--
 2 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/drivers/block/drbd/drbd_nl.c b/drivers/block/drbd/drbd_nl.c
index 8cbfaa6..aa5fbc0 100644
--- a/drivers/block/drbd/drbd_nl.c
+++ b/drivers/block/drbd/drbd_nl.c
@@ -1482,13 +1482,16 @@ static int drbd_nl_net_conf(struct drbd_conf *mdev, struct drbd_nl_cfg_req *nlp,
 		mdev->ee_hash = new_ee_hash;
 	}
 
-	crypto_free_hash(mdev->cram_hmac_tfm);
+	if (mdev->cram_hmac_tfm)
+		crypto_free_hash(mdev->cram_hmac_tfm);
 	mdev->cram_hmac_tfm = tfm;
 
-	crypto_free_hash(mdev->integrity_w_tfm);
+	if (mdev->integrity_w_tfm)
+		crypto_free_hash(mdev->integrity_w_tfm);
 	mdev->integrity_w_tfm = integrity_w_tfm;
 
-	crypto_free_hash(mdev->integrity_r_tfm);
+	if (mdev->integrity_r_tfm)
+		crypto_free_hash(mdev->integrity_r_tfm);
 	mdev->integrity_r_tfm = integrity_r_tfm;
 
 	kfree(mdev->int_dig_out);
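
Review bot: the same two-line guard is now repeated before each of the three crypto_free_hash() calls on mdev->cram_hmac_tfm, mdev->integrity_w_tfm and mdev->integrity_r_tfm. The commit message says crypto_destroy_tfm already tests its argument for NULL, so a single test at the top of crypto_free_hash() (or one small helper in this file) would give the same protection without relying on every caller to remember it, and would keep these swap-in sequences as short as the unguarded kfree(mdev->int_dig_out) that follows.
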
@@ -1509,9 +1512,12 @@ fail:
 	kfree(int_dig_out);
 	kfree(int_dig_in);
 	kfree(int_dig_vv);
-	crypto_free_hash(tfm);
-	crypto_free_hash(integrity_w_tfm);
-	crypto_free_hash(integrity_r_tfm);
+	if (tfm)
+		crypto_free_hash(tfm);
+	if (integrity_w_tfm)
+		crypto_free_hash(integrity_w_tfm);
+	if (integrity_r_tfm)
+		crypto_free_hash(integrity_r_tfm);
 	kfree(new_tl_hash);
 	kfree(new_ee_hash);
 	kfree(new_conf);
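
Review bot: in the fail: path the three new tests on tfm, integrity_w_tfm and integrity_r_tfm sit between kfree() calls that are left unguarded, so the cleanup block now mixes two conventions. The tests also catch only NULL, and the visible lines do not show how these three variables are initialised, so the commit message should state that they are NULL (and not any other non-pointer value) whenever fail: is reached before allocation. If that holds, a NULL-tolerant crypto_free_hash() would let this block stay a plain list of frees.
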
diff --git a/drivers/block/drbd/drbd_receiver.c b/drivers/block/drbd/drbd_receiver.c
index 24487d4..3453cc3 100644
--- a/drivers/block/drbd/drbd_receiver.c
+++ b/drivers/block/drbd/drbd_receiver.c
@@ -2871,9 +2871,11 @@ static int receive_SyncParam(struct drbd_conf *mdev, enum drbd_packets cmd, unsi
 disconnect:
 	/* just for completeness: actually not needed,
 	 * as this is not reached if csums_tfm was ok. */
-	crypto_free_hash(csums_tfm);
+	if (csums_tfm)
+		crypto_free_hash(csums_tfm);
 	/* but free the verify_tfm again, if csums_tfm did not work out */
-	crypto_free_hash(verify_tfm);
+	if (verify_tfm)
+		crypto_free_hash(verify_tfm);
 	drbd_force_state(mdev, NS(conn, C_DISCONNECTING));
 	return FALSE;
 }
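
Review bot: the existing comment above the first call at disconnect: says it is "actually not needed, as this is not reached if csums_tfm was ok", so the new test on csums_tfm wraps a call the code already describes as redundant. Either drop the csums_tfm free here or update the comment to say which values csums_tfm can hold at this label, so that the guard and the comment agree. The guard on verify_tfm matches its own comment and is fine as it stands.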


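The layout argument in the commit message, as an added user-space model that is not part of the original mail or of the kernel sources: taking &tfm->base of a NULL tfm gives NULL only while base sits at offset 0, which is why testing the handle itself is the more robust check. The struct names, the function names and the extra flags field are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in types (assumptions), not the kernel's definitions. */
struct tfm_base { int refcnt; };
/* Layout the commit message describes: base is the first and only field. */
struct hash_first { struct tfm_base base; };
/* Hypothetical layout with a field placed ahead of base. */
struct hash_shifted { int flags; struct tfm_base base; };

/* Address that &h->base denotes, computed on integers so that a NULL h
 * is well defined in this user-space model. */
static uintptr_t base_of_first(const struct hash_first *h)
{
	return (uintptr_t)h + offsetof(struct hash_first, base);
}

static uintptr_t base_of_shifted(const struct hash_shifted *h)
{
	return (uintptr_t)h + offsetof(struct hash_shifted, base);
}

/* Models a destroy routine that tests its argument for NULL first.
 * Returns 1 when it would go on to dereference the pointer. */
static int destroy_would_deref(uintptr_t base) { return base != 0; }

/* Unguarded free: NULL-safety depends on base sitting at offset 0. */
int unguarded_first(const struct hash_first *h)
{
	return destroy_would_deref(base_of_first(h));
}
int unguarded_shifted(const struct hash_shifted *h)
{
	return destroy_would_deref(base_of_shifted(h));
}

/* Guarded free, in the style of the patch: test the handle itself. */
int guarded_shifted(const struct hash_shifted *h)
{
	return h ? destroy_would_deref(base_of_shifted(h)) : 0;
}

int main(void)
{
	printf("first=%d shifted=%d guarded=%d\n", unguarded_first(NULL),
	       unguarded_shifted(NULL), guarded_shifted(NULL));
	return 0;
}
```

With a NULL handle, the inner NULL test only protects the first layout; the shifted layout reaches the dereference unless the caller or the free routine tests the handle first.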