target/iscsi: avoid NULL dereference in CHAP auth error path commit ce512d79d0466a604793addb6b769d12ee326822 upstream. If chap_server_compute_md5() fails early, e.g. via CHAP_N mismatch, then crypto_free_shash() is called with a NULL pointer which gets dereferenced in crypto_shash_tfm(). Fixes: 69110e3cedbb ("iscsi-target: Use shash and ahash") Suggested-by: Markus Elfring <elfring@users.sourceforge.net> Signed-off-by: David Disseldorp <ddiss@suse.de> Cc: stable@vger.kernel.org # 4.6+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

commit: fffc0fcaebebefd06b07838e4aad5ef5f30803fd [log] [tgz]
author: David Disseldorp <ddiss@suse.de> Wed Dec 13 18:22:30 2017 +0100
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Thu Feb 22 15:43:49 2018 +0100
tree: 30a186cd2581a3e5214c1d853deebf717f94ba91
parent: 28130f4d2340a87ea4b84e55f43016ebf86b9a2e [diff] [blame]
diff --git a/drivers/target/iscsi/iscsi_target_auth.c b/drivers/target/iscsi/iscsi_target_auth.c
index e116f0e..98f75e5 100644
--- a/drivers/target/iscsi/iscsi_target_auth.c
+++ b/drivers/target/iscsi/iscsi_target_auth.c

@@ -413,7 +413,8 @@
 	auth_ret = 0;
 out:
 	kzfree(desc);
-	crypto_free_shash(tfm);
+	if (tfm)
+		crypto_free_shash(tfm);
 	kfree(challenge);
 	kfree(challenge_binhex);
 	return auth_ret;
commit	fffc0fcaebebefd06b07838e4aad5ef5f30803fd	[log] [tgz]
author	David Disseldorp <ddiss@suse.de>	Wed Dec 13 18:22:30 2017 +0100
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	Thu Feb 22 15:43:49 2018 +0100
tree	30a186cd2581a3e5214c1d853deebf717f94ba91
parent	28130f4d2340a87ea4b84e55f43016ebf86b9a2e [diff] [blame]