[Swan-commit] Changes to ref refs/heads/master

Paul Wouters paul at vault.libreswan.fi
Mon Jun 25 14:20:25 UTC 2018 

New commits:
commit 73203d9e8d9bb0893cd7eccf9e0df293270e83c1
Author: Tijs Van Buggenhout <tijs.van.buggenhout at axsguard.com>
Date:   Mon Jun 25 10:16:14 2018 -0400

    KLIPS: Fix _capi_destroy_hmac_key by using crypto_(a)hash_free
    
    The key is incorrectly cast to a 'struct crypto_tfm', as it should be
    either 'struct crypto_hash' or 'struct crypto_ahash' - a crypto_tfm is
    only one of ablkcipher, blkcipher, cipher or compress, not a hash.
    
    Consequently call the correct crypto hash free function on the key to
    clean up allocated data structures.
    
    Avoids...
    BUG: unable to handle kernel NULL pointer dereference at 00000194
    IP: crypto_destroy_tfm+0x18/0x70
    *pdpt = 0000000033a5b001 *pde = 0000000000000000
    Oops: 0000 [#1] SMP
    ...
    EIP: crypto_destroy_tfm+0x18/0x70
    EFLAGS: 00210282 CPU: 2
    EAX: f19b4720 EBX: f19b4720 ECX: 00000000 EDX: c11fc740
    ESI: f19b4720 EDI: 0000006c EBP: f3c93a7c ESP: f3c93a70
    DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
    CR0: 80050033 CR2: 00000194 CR3: 33bf48e0 CR4: 001406f0
    Call Trace:
            _capi_destroy_hmac_key+0x20/0x50 [ipsec]
            ipsec_sa_wipe+0x107/0x520 [ipsec]
            ? ultot+0x70/0x160 [ipsec]
            ? __raw_callee_save___pv_queued_spin_unlock+0x9/0x10
            __ipsec_sa_put+0x2e/0xb0 [ipsec]
            ? sock_poll+0x61/0x80
            ? do_select+0x6b9/0x7c0
            ? ipsec_sa_wipe+0x7c/0x520 [ipsec]
            ipsec_sa_wipe+0x2a2/0x520 [ipsec]
            ? pfkey_extensions_free+0x76/0xd0 [ipsec]
            ? pfkey_extensions_free+0x76/0xd0 [ipsec]
            __ipsec_sa_put+0x2e/0xb0 [ipsec]
            ? ultot+0x70/0x160 [ipsec]
            ? ipsec_sa_untern+0x79/0xa0 [ipsec]
            pfkey_delete_parse+0x11c/0x440 [ipsec]
    ...
    
    Signed-off-by: Paul Wouters <pwouters at redhat.com>

commit 9dea6a10780f0e0184b3d3289ae10ad3f602ae22
Author: Tijs Van Buggenhout <tijs.van.buggenhout at axsguard.com>
Date:   Mon Jun 25 10:14:18 2018 -0400

    KLIPS: Correct nbytes argument to ahash_request_set_crypt
    
    nbytes represents the number of bytes to process from the source
    scatter/gather list. A fixed size of two is inherently incorrect for any
    size of expected data buffer.
    
    Signed-off-by: Paul Wouters <pwouters at redhat.com>

commit 66919809804366fc5c479728879a17bfaa3960d5
Author: Tijs Van Buggenhout <tijs.van.buggenhout at axsguard.com>
Date:   Mon Jun 25 10:10:20 2018 -0400

    documentation: Fix typo in showhostkey
    
    Signed-off-by: Paul Wouters <pwouters at redhat.com>

More information about the Swan-commit mailing list