Date: Tue, 18 Aug 2020 11:22:31 +0200
From: Pavel Machek
To: Greg Kroah-Hartman
Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org, Gilad Ben-Yossef, Markus Elfring, Herbert Xu, Sasha Levin
Subject: Re: [PATCH 4.19 012/168] crypto: ccree - fix resource leak on error path
Message-ID: <20200818092231.GA10974@amd>
References: <20200817143733.692105228@linuxfoundation.org> <20200817143734.336080170@linuxfoundation.org>
In-Reply-To: <20200817143734.336080170@linuxfoundation.org>

Hi!

> Fix a small resource leak on the error path of cipher processing.

I believe this one is wrong.

> @@ -149,10 +148,19 @@ static int cc_cipher_init(struct crypto_tfm *tfm) > ctx_p->flow_mode =3D cc_alg->flow_mode; > ctx_p->drvdata =3D cc_alg->drvdata; > =20 > + if (ctx_p->cipher_mode =3D=3D DRV_CIPHER_ESSIV) { > + /* Alloc hash tfm for essiv */ > + ctx_p->shash_tfm =3D crypto_alloc_shash("sha256-generic", 0, 0); > + if (IS_ERR(ctx_p->shash_tfm)) { > + dev_err(dev, "Error allocating hash tfm for ESSIV.\n"); > + return PTR_ERR(ctx_p->shash_tfm); > + } > + }

shash_tfm() is only allocated conditionally.

> +free_key: > + kfree(ctx_p->user.key); > +free_shash: > + crypto_free_shash(ctx_p->shash_tfm);

But it is freed unconditionally, and free_shash() is not robust against NULL pointer due to undefined behaviour in crypto_shash_tfm. Additionally, it would be cleaner to set ctx_p->shash_tfm to NULL in this path.

Best regards,
Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
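
Review bot: In the cc_cipher_init() hunk, ctx_p->shash_tfm is assigned only inside the `if (ctx_p->cipher_mode == DRV_CIPHER_ESSIV)` block, so for every other mode the field keeps whatever value the context memory already held. Add an explicit `ctx_p->shash_tfm = NULL;` before the mode check so that cleanup code has a defined value to test. The failure branch also returns with the field still holding the error-encoded pointer from crypto_alloc_shash(); saving the error code in a local, resetting the field to NULL and then returning the saved code would keep any later teardown from seeing a non-NULL, non-valid pointer.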
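
Review bot: At the free_shash label, `crypto_free_shash(ctx_p->shash_tfm);` runs with no guard, while the allocation in cc_cipher_init() is performed only for DRV_CIPHER_ESSIV. Make the free conditional on the same mode check, or on `!IS_ERR_OR_NULL(ctx_p->shash_tfm)`, so the cleanup path mirrors the allocation path. The quoted lines do not show which function the free_key and free_shash labels belong to or what jumps to them, so the backport should also be checked to confirm that every goto reaching these labels comes from a point where shash_tfm has been initialised.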