From: Torsten Duwe <duwe@suse.de>
Subject: crypto/lrw.c: protect gf128mul from NULL pointers
Patch-mainline: never, resolved differently
References: bsc#1008374, CVE-2015-8970

Syzkaller has found a way to trigger a null pointer deref calling read on
a crypto socket without a key being set. Consequently, Herbert Xu has
disimproved the code upstream by a set of changes that heavily break the
kernel ABI.

Behold the git commits: dd504589577d, 37766586c965, a0fa2d037129,...

Fortunately, in v3.0, LRW is the only algo with a dynamic user-controllable
component in its context structure, so instead of the heavy patching we only
guard that.

Signed-off-by: Torsten Duwe <duwe@suse.de>

--- a/crypto/lrw.c
+++ b/crypto/lrw.c
@@ -154,6 +154,9 @@ static int crypt(struct blkcipher_desc *
 	iv = (be128 *)w->iv;
 	s.t = *iv;
 
+	if (!ctx->table)
+		return -ENOKEY;
+
 	/* T <- I*Key2 */
 	gf128mul_64k_bbe(&s.t, ctx->table);
 
