Fix possible NULL pointer dereference in sha2_mac_init()

If mechanism->cm_param is NULL, passing mechanism to
PROV_SHA2_GET_DIGEST_LEN() will dereference a NULL pointer.

Coverity reported this.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu>
Closes #14044

diff --git a/module/icp/io/sha2_mod.c b/module/icp/io/sha2_mod.c
index d690cd0bcb05b1003e2500d36c15e8b18c79baa5..f3125ad8452836660534d8e309562ea027d1baff 100644 (file)
--- a/module/icp/io/sha2_mod.c
+++ b/module/icp/io/sha2_mod.c
@@ -823,12 +823,15 @@ sha2_mac_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
         */
        if (mechanism->cm_type % 3 == 2) {
                if (mechanism->cm_param == NULL ||
-                   mechanism->cm_param_len != sizeof (ulong_t))
-                       ret = CRYPTO_MECHANISM_PARAM_INVALID;
-               PROV_SHA2_GET_DIGEST_LEN(mechanism,
-                   PROV_SHA2_HMAC_CTX(ctx)->hc_digest_len);
-               if (PROV_SHA2_HMAC_CTX(ctx)->hc_digest_len > sha_digest_len)
+                   mechanism->cm_param_len != sizeof (ulong_t)) {
                        ret = CRYPTO_MECHANISM_PARAM_INVALID;
+               } else {
+                       PROV_SHA2_GET_DIGEST_LEN(mechanism,
+                           PROV_SHA2_HMAC_CTX(ctx)->hc_digest_len);
+                       if (PROV_SHA2_HMAC_CTX(ctx)->hc_digest_len >
+                           sha_digest_len)
+                               ret = CRYPTO_MECHANISM_PARAM_INVALID;
+               }
        }
 
        if (ret != CRYPTO_SUCCESS) {