From a5c62f4833c2c8e6e0f35367b99b717b78f5c029 Mon Sep 17 00:00:00 2001 From: Aurelien Aptel Date: Thu, 2 Aug 2018 16:39:52 +0200 Subject: CIFS: fix uninitialized ptr deref in smb2 signing server->secmech.sdeschmacsha256 is not properly initialized before smb2_shash_allocate(), set shash after that call. also fix typo in error message Fixes: 8de8c4608fe9 ("cifs: Fix validation of signed data in smb2") Signed-off-by: Aurelien Aptel Reviewed-by: Paulo Alcantara Reported-by: Xiaoli Feng Signed-off-by: Steve French CC: Stable --- fs/cifs/smb2transport.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'fs/cifs/smb2transport.c') diff --git a/fs/cifs/smb2transport.c b/fs/cifs/smb2transport.c index 3f778937c0e2..7b351c65ee46 100644 --- a/fs/cifs/smb2transport.c +++ b/fs/cifs/smb2transport.c @@ -171,7 +171,7 @@ smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server) struct kvec *iov = rqst->rq_iov; struct smb2_sync_hdr *shdr = (struct smb2_sync_hdr *)iov[0].iov_base; struct cifs_ses *ses; - struct shash_desc *shash = &server->secmech.sdeschmacsha256->shash; + struct shash_desc *shash; struct smb_rqst drqst; ses = smb2_find_smb_ses(server, shdr->SessionId); @@ -185,7 +185,7 @@ smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server) rc = smb2_crypto_shash_allocate(server); if (rc) { - cifs_dbg(VFS, "%s: shah256 alloc failed\n", __func__); + cifs_dbg(VFS, "%s: sha256 alloc failed\n", __func__); return rc; } @@ -196,6 +196,7 @@ smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server) return rc; } + shash = &server->secmech.sdeschmacsha256->shash; rc = crypto_shash_init(shash); if (rc) { cifs_dbg(VFS, "%s: Could not init sha256", __func__); -- cgit v1.2.3