From: Matt Lawson <mlawson27@live.com>
Date: Wed, 13 Mar 2024 16:21:19 +0000 (-0400)
Subject: xt_SYSRQ: use SHASH_DESC_ON_STACK
X-Git-Tag: v3.26~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0136b35b26b2460c4ff87149d22d1bfbb356c8e4;p=thirdparty%2Fxtables-addons.git

xt_SYSRQ: use SHASH_DESC_ON_STACK

Similar to https://codeberg.org/jengelh/xtables-addons/issues/11, the
use of the crypto library in the xt_SYSRQ causes memory corruption
and in my case, causes the kernel to lock up.

Declaring the struct shash_desc variable using the
SHASH_DESC_ON_STACK macro appears to fix the issue at least for me.
---

diff --git a/extensions/xt_SYSRQ.c b/extensions/xt_SYSRQ.c
index 6461e6d..998a5b9 100644
--- a/extensions/xt_SYSRQ.c
+++ b/extensions/xt_SYSRQ.c
@@ -74,7 +74,7 @@ static unsigned int sysrq_tg(const void *pdata, uint16_t len)
 {
 	const char *data = pdata;
 	int i, n;
-	struct shash_desc desc;
+	SHASH_DESC_ON_STACK(desc, 0);
 	int ret;
 	long new_seqno = 0;
 
@@ -113,16 +113,16 @@ static unsigned int sysrq_tg(const void *pdata, uint16_t len)
 		return NF_DROP;
 	}
 
-	desc.tfm   = sysrq_tfm;
-	ret = crypto_shash_init(&desc);
+	desc->tfm   = sysrq_tfm;
+	ret = crypto_shash_init(desc);
 	if (ret != 0)
 		goto hash_fail;
-	if (crypto_shash_update(&desc, data, n) != 0)
+	if (crypto_shash_update(desc, data, n) != 0)
 		goto hash_fail;
-	if (crypto_shash_update(&desc, sysrq_digest_password,
+	if (crypto_shash_update(desc, sysrq_digest_password,
 	    strlen(sysrq_digest_password)) != 0)
 		goto hash_fail;
-	if (crypto_shash_final(&desc, sysrq_digest) != 0)
+	if (crypto_shash_final(desc, sysrq_digest) != 0)
 		goto hash_fail;
 
 	for (i = 0; i < sysrq_digest_size; ++i) {