commit b2df03ed4052e97126267e8c13ad4204ea6ba9b6
author Ivan Pravdin <ipravdin.official@gmail.com> Sun May 18 18:41:02 2025 -0400
committer Herbert Xu <herbert@gondor.apana.org.au> Mon May 19 13:44:16 2025 +0800
tree 195d9ca059427d2a2e481d1e4341ac18ae339189
parent d6ebcde6d4ecf34f8495fb30516645db3aea8993

crypto: algif_hash - fix double free in hash_accept

If accept(2) is called on socket type algif_hash with
MSG_MORE flag set and crypto_ahash_import fails,
sk2 is freed. However, it is also freed in af_alg_release,
leading to slab-use-after-free error.

Fixes: fe869cdb89c9 ("crypto: algif_hash - User-space interface for hash operations")
Cc: <stable@vger.kernel.org>
Signed-off-by: Ivan Pravdin <ipravdin.official@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>