When crypto_shash_digestsize() fails, c->hmac_tfm
has not been freed before returning, which leads
to memleak.
Fixes: 49525e5eecca5 ("ubifs: Add helper functions for authentication support")
Signed-off-by: Dinghao Liu <[email protected]>
---
fs/ubifs/auth.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/ubifs/auth.c b/fs/ubifs/auth.c
index 51a7c8c2c3f0..e564d5ff8781 100644
--- a/fs/ubifs/auth.c
+++ b/fs/ubifs/auth.c
@@ -327,7 +327,7 @@ int ubifs_init_authentication(struct ubifs_info *c)
ubifs_err(c, "hmac %s is bigger than maximum allowed hmac size (%d > %d)",
hmac_name, c->hmac_desc_len, UBIFS_HMAC_ARR_SZ);
err = -EINVAL;
- goto out_free_hash;
+ goto out_free_hmac;
}
err = crypto_shash_setkey(c->hmac_tfm, ukp->data, ukp->datalen);
--
2.17.1
?? 2021/1/5 14:03, Dinghao Liu ะด??:
> When crypto_shash_digestsize() fails, c->hmac_tfm
> has not been freed before returning, which leads
> to memleak.
>
> Fixes: 49525e5eecca5 ("ubifs: Add helper functions for authentication support")
> Signed-off-by: Dinghao Liu <[email protected]>
Reviewed-by: Zhihao Cheng <[email protected]>
> ---
> fs/ubifs/auth.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/ubifs/auth.c b/fs/ubifs/auth.c
> index 51a7c8c2c3f0..e564d5ff8781 100644
> --- a/fs/ubifs/auth.c
> +++ b/fs/ubifs/auth.c
> @@ -327,7 +327,7 @@ int ubifs_init_authentication(struct ubifs_info *c)
> ubifs_err(c, "hmac %s is bigger than maximum allowed hmac size (%d > %d)",
> hmac_name, c->hmac_desc_len, UBIFS_HMAC_ARR_SZ);
> err = -EINVAL;
> - goto out_free_hash;
> + goto out_free_hmac;
> }
>
> err = crypto_shash_setkey(c->hmac_tfm, ukp->data, ukp->datalen);
>