[CRYPTO] cryptomgr: Fix use after free
By the time kthread_run returns the param may have already been freed so writing the returned thread_struct pointer to param is wrong. In fact, we don't need it in param anyway so this patch simply puts it on the stack. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
parent
f6259deacf
commit
1605b8471d
|
@ -24,8 +24,6 @@
|
|||
#include "internal.h"
|
||||
|
||||
struct cryptomgr_param {
|
||||
struct task_struct *thread;
|
||||
|
||||
struct rtattr *tb[CRYPTOA_MAX];
|
||||
|
||||
struct {
|
||||
|
@ -81,6 +79,7 @@ err:
|
|||
|
||||
static int cryptomgr_schedule_probe(struct crypto_larval *larval)
|
||||
{
|
||||
struct task_struct *thread;
|
||||
struct cryptomgr_param *param;
|
||||
const char *name = larval->alg.cra_name;
|
||||
const char *p;
|
||||
|
@ -130,8 +129,8 @@ static int cryptomgr_schedule_probe(struct crypto_larval *larval)
|
|||
|
||||
memcpy(param->larval.name, larval->alg.cra_name, CRYPTO_MAX_ALG_NAME);
|
||||
|
||||
param->thread = kthread_run(cryptomgr_probe, param, "cryptomgr");
|
||||
if (IS_ERR(param->thread))
|
||||
thread = kthread_run(cryptomgr_probe, param, "cryptomgr");
|
||||
if (IS_ERR(thread))
|
||||
goto err_free_param;
|
||||
|
||||
return NOTIFY_STOP;
|
||||
|
|
Loading…
Reference in New Issue