This is a note to let you know that I've just added the patch titled
target/iscsi: avoid NULL dereference in CHAP auth error path
to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git%3Ba=su...
The filename of the patch is: target-iscsi-avoid-null-dereference-in-chap-auth-error-path.patch and it can be found in the queue-4.9 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree, please let stable@vger.kernel.org know about it.
From ce512d79d0466a604793addb6b769d12ee326822 Mon Sep 17 00:00:00 2001
From: David Disseldorp ddiss@suse.de Date: Wed, 13 Dec 2017 18:22:30 +0100 Subject: target/iscsi: avoid NULL dereference in CHAP auth error path
From: David Disseldorp ddiss@suse.de
commit ce512d79d0466a604793addb6b769d12ee326822 upstream.
If chap_server_compute_md5() fails early, e.g. via CHAP_N mismatch, then crypto_free_shash() is called with a NULL pointer which gets dereferenced in crypto_shash_tfm().
Fixes: 69110e3cedbb ("iscsi-target: Use shash and ahash") Suggested-by: Markus Elfring elfring@users.sourceforge.net Signed-off-by: David Disseldorp ddiss@suse.de Cc: stable@vger.kernel.org # 4.6+ Signed-off-by: Nicholas Bellinger nab@linux-iscsi.org Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
--- drivers/target/iscsi/iscsi_target_auth.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/target/iscsi/iscsi_target_auth.c +++ b/drivers/target/iscsi/iscsi_target_auth.c @@ -413,7 +413,8 @@ static int chap_server_compute_md5( auth_ret = 0; out: kzfree(desc); - crypto_free_shash(tfm); + if (tfm) + crypto_free_shash(tfm); kfree(challenge); kfree(challenge_binhex); return auth_ret;
Patches currently in stable-queue which might be from ddiss@suse.de are
queue-4.9/target-iscsi-avoid-null-dereference-in-chap-auth-error-path.patch