2019-11-22 22:07:17

by Navid Emamdoost

Subject: [PATCH] macsec: Fix memory leaks in macsec_decrypt()

In the implementation of macsec_decrypt(), there are two memory leaks
when crypto_aead_decrypt() fails. Release allocated req and skb before
return.

Fixes: c3b7d0bd7ac2 ("macsec: fix rx_sa refcounting with decrypt callback")
Signed-off-by: Navid Emamdoost <[email protected]>
---
drivers/net/macsec.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
index afd8b2a08245..34c6fb4eb9ef 100644
--- a/drivers/net/macsec.c
+++ b/drivers/net/macsec.c
@@ -986,6 +986,8 @@ static struct sk_buff *macsec_decrypt(struct sk_buff *skb,
dev_hold(dev);
ret = crypto_aead_decrypt(req);
if (ret == -EINPROGRESS) {
+ aead_request_free(req);
+ kfree_skb(skb);
return ERR_PTR(ret);
} else if (ret != 0) {
/* decryption/authentication failed
--
2.17.1

2019-11-22 22:28:18

by Florian Westphal

Subject: Re: [PATCH] macsec: Fix memory leaks in macsec_decrypt()

Navid Emamdoost <[email protected]> wrote:
> In the implementation of macsec_decrypt(), there are two memory leaks
> when crypto_aead_decrypt() fails. Release allocated req and skb before
> return.
>
> Fixes: c3b7d0bd7ac2 ("macsec: fix rx_sa refcounting with decrypt callback")
> Signed-off-by: Navid Emamdoost <[email protected]>
> ---
> drivers/net/macsec.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
> index afd8b2a08245..34c6fb4eb9ef 100644
> --- a/drivers/net/macsec.c
> +++ b/drivers/net/macsec.c
> @@ -986,6 +986,8 @@ static struct sk_buff *macsec_decrypt(struct sk_buff *skb,
> dev_hold(dev);
> ret = crypto_aead_decrypt(req);
> if (ret == -EINPROGRESS) {
> + aead_request_free(req);
> + kfree_skb(skb);

-EINPROGRESS means decryption is handled asynchronously, no?

> return ERR_PTR(ret);
> } else if (ret != 0) {
> /* decryption/authentication failed

This is the error handling/failure path.