crypto: sha1-mb - use corrcet pointer while completing jobs

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

In sha_complete_job, incorrect mcryptd_hash_request_ctx pointer is used
when check and complete other jobs. If the memory of first completed req
is freed, while still completing other jobs in the func, kernel will
crash since NULL pointer is assigned to RIP.

Cc: <stable@vger.kernel.org>
Signed-off-by: Xiaodong Liu <xiaodong.liu@intel.com>
Acked-by: Tim Chen <tim.c.chen@linux.intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Xiaodong Liu and committed by

Herbert Xu 10 years ago 0851561d 6f0904ad

+2 -2

1 changed file

expand all

arch

x86

crypto

sha-mb

sha1_mb.c

+2 -2

arch/x86/crypto/sha-mb/sha1_mb.c

··· 453 453 454 454 req = cast_mcryptd_ctx_to_req(req_ctx); 455 455 if (irqs_disabled()) 456 - rctx->complete(&req->base, ret); 456 + req_ctx->complete(&req->base, ret); 457 457 else { 458 458 local_bh_disable(); 459 - rctx->complete(&req->base, ret); 459 + req_ctx->complete(&req->base, ret); 460 460 local_bh_enable(); 461 461 } 462 462 }