HomeFreeBSD

Fix bad free in skein code

Description

Fix bad free in skein code

Clang's static analyzer found a bad free caused by skein_mac_atomic().
It will allocate a context on the stack and then pass it to
skein_final(), which attempts to free it. Upon inspection,
skein_digest_atomic() also has the same problem.

These functions were created to match the OpenSolaris ICP API, so I was
curious how we avoided this in other providers and looked at the SHA2
code. It appears that SHA2 has a SHA2Final() helper function that is
called by the exported sha2_mac_final()/sha2_digest_final() as well as
the sha2_mac_atomic() and sha2_digest_atomic() functions. The real work
is done in SHA2Final() while some checks and the free are done in
sha2_mac_final()/sha2_digest_final().

We fix the use after free in the skein code by taking inspiration from
the SHA2 code. We introduce a skein_final_nofree() that does most of the
work, and make skein_final() into a function that calls it and then
frees the memory.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Tony Hutter <hutter2@llnl.gov>
Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu>
Closes #13954

Details

Provenance
Richard Yao <richard.yao@alumni.stonybrook.edu>Authored on Sep 27 2022, 7:36 PM
Tony Hutter <hutter2@llnl.gov>Committed on Sep 29 2022, 12:25 AM
Parents
rGa2705b1dd5f8: zpool: Don't print "repairing" on force faulted drives
Branches
Unknown
Tags
Unknown

Event Timeline

Tony Hutter <hutter2@llnl.gov> committed rG566e908fa01e: Fix bad free in skein code (authored by Richard Yao <richard.yao@alumni.stonybrook.edu>).Sep 29 2022, 12:25 AM