Received: by 2002:a25:c205:0:0:0:0:0 with SMTP id s5csp1157614ybf; Thu, 27 Feb 2020 06:05:32 -0800 (PST) X-Google-Smtp-Source: APXvYqzqnJLSRroSAiNPqPD2fWxvR326vRqeuejOhrcBvJ7xL5lHiKSyQuoG3EDAPf7aCUalB6mV X-Received: by 2002:aca:1903:: with SMTP id l3mr3447552oii.16.1582812332449; Thu, 27 Feb 2020 06:05:32 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1582812332; cv=none; d=google.com; s=arc-20160816; b=iPoHOSNzYD2j2/WMXmgP4o0VWcuNJqL6LafsD6ixEemEOUUXAREWOn1nORpmB60piR BvHSZ3BNapYQK1CjyeyAbgvr5oWEtFavnsotO/9rsxGoz9T8eGTbkiEdfK1Hb3/TaFub +Fp1Ylota3F7MpdepWOxpwBlGm+eUDQ9jxyFnQ9whOstYybQMb5Om6d7WZY8GZozZkHG VeZFxdqquZ9pC8HfQnDyREFIRB4aYd5w8gOtA2JAv5DS/+7PJ6Vf1SKdId4CYGA70rN3 t9lQX91B4wEucID3MWO+DtqM7Pqck1D1IrVqak52UnhGMlqaUMJv2nM5sLYzJ1RO4v+5 IMdQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=glVcVj1h6bnH+9oBXXvlHjixJjhKsrwrp0PBBzfe1RA=; b=dvIWn5jUmfJGzfEN8XO6MWeKxf+Kc1ZC5yOMW0ogFd1EjgLDSHLMoJ/MiKWXShUM8Y MhlpQFDTEuHnOlwXsyawI1fo6DxocEtQqX+1aXGZefM7P4M8t0m55QzwepmMsaeuqyQs cH49zatwPNPP55F21z49OVQRzfO3JHF7TutnraglGVmITncq8XOIblrN2n1I86JugMzR FeoR2q6gdxndfZeG4K3iKT338MGqrohZCyab1co2m1MJ+QL5tE96yrliJWK5I/5KZkl1 cjzm7JQDjS8CBCREnjgKDs5MhCoXAGaJvOqMtPpNqLFT8NFXikuaoyXbhXMWyhJXzDTc mlQg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=t9tAuHoY; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d26si1446796otc.6.2020.02.27.06.05.09; Thu, 27 Feb 2020 06:05:32 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=t9tAuHoY; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387405AbgB0ODV (ORCPT + 99 others); Thu, 27 Feb 2020 09:03:21 -0500 Received: from mail.kernel.org ([198.145.29.99]:38458 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1733312AbgB0ODT (ORCPT ); Thu, 27 Feb 2020 09:03:19 -0500 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 5377A20801; Thu, 27 Feb 2020 14:03:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1582812198; bh=hothXiVroBMjSQtLbfartgEN01sSBKIrotloJ+pKrb0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=t9tAuHoYqXVMbqIL6QEzt3yc2S7nyCLk7QjgaIBinq4W36bXGVpLxlVpUPWS2BmNl 5waowKYm8EpHtg7KXJ1vZBcK5qs31+pLijciKeeKiCsEEbsk/YJneIf7Ogl9U3V9Qb J3s79bmrHEZ2b8h5lYYLKrIrNnrdMo9yEeGz7CNM= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Wenwen Wang , Tyler Hicks Subject: [PATCH 4.19 06/97] ecryptfs: fix a memory leak bug in parse_tag_1_packet() Date: Thu, 27 Feb 2020 14:36:14 +0100 Message-Id: <20200227132215.620415637@linuxfoundation.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200227132214.553656188@linuxfoundation.org> References: <20200227132214.553656188@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Wenwen Wang commit fe2e082f5da5b4a0a92ae32978f81507ef37ec66 upstream. In parse_tag_1_packet(), if tag 1 packet contains a key larger than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES, no cleanup is executed, leading to a memory leak on the allocated 'auth_tok_list_item'. To fix this issue, go to the label 'out_free' to perform the cleanup work. Cc: stable@vger.kernel.org Fixes: dddfa461fc89 ("[PATCH] eCryptfs: Public key; packet management") Signed-off-by: Wenwen Wang Signed-off-by: Tyler Hicks Signed-off-by: Greg Kroah-Hartman --- fs/ecryptfs/keystore.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/ecryptfs/keystore.c +++ b/fs/ecryptfs/keystore.c @@ -1318,7 +1318,7 @@ parse_tag_1_packet(struct ecryptfs_crypt printk(KERN_WARNING "Tag 1 packet contains key larger " "than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES\n"); rc = -EINVAL; - goto out; + goto out_free; } memcpy((*new_auth_tok)->session_key.encrypted_key, &data[(*packet_size)], (body_size - (ECRYPTFS_SIG_SIZE + 2)));