Received: by 2002:a05:6a10:a852:0:0:0:0 with SMTP id d18csp245833pxy;
        Fri, 30 Apr 2021 04:39:46 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJwvNPbO9F1Nz/p7cXMJE64y0flzQm9OkCypYjePoFWOpeVpn4gjrylV9BeyXnNUQcvCmxH3
X-Received: by 2002:a17:902:8e89:b029:e9:a576:886e with SMTP id bg9-20020a1709028e89b02900e9a576886emr4719106plb.65.1619782786026;
        Fri, 30 Apr 2021 04:39:46 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1619782786; cv=none;
        d=google.com; s=arc-20160816;
        b=D8Ey1nwiw+A37ew2kU+lxIwUWoX335xFSTudZCox617JM14NAuj2FTlSYoIsTZlrRJ
         raSVXFFHM8JUUXmDrH1xn+EcgHA+m6c1MJF8cztYiloqANitzWx9Bzy5zgURCvXB54Wo
         0ToV7xgJ8TibQF2HpuAv4EGc6/+wvCc1AAoknZ/+nQBlilzbh3HNaeaoFt9e4V5THN2G
         s/UGueQ/e3n0AQgCyB0M2DgqjV+Sr8k1fVaqQ35ojE2Av22BcKd06bdqhTxP9MTRly/l
         ghcZwUS/jZhPq/TL00lVewBDB82fwRRRmohjZ/Ol2sA92HvqqQBRxRqerGHNAP8Jd6Uj
         Z0ow==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from;
        bh=CBrMhM+tYL6PPkdgNKhJ5ajYsh2J3zqQHrs63OvYQg8=;
        b=SDCPyxbJcNEDBR4jocKHvM3s8G2IFK8kT4Tbbs5GlAeVW0NEWMVp53FmiOPc6Ry2Sx
         KxISPIpTT2O3oR4ixVTCOlCJwSQu3dYUqtMHGnXhDNL2jqCXPCwS5qRGFt7du73GlR29
         gDOXK3NHJDsw4vdCnCbRcSLg+/E3masCMhsOSPcUrWWsneA0alLh5C7rk7VTJgUSUNlc
         KNIxQqgKrpGR5TKipy6FhGGoe/a0VGibIAw6W0sQuvYPQP8VJMVDnXyWs1k2EyPFbC4M
         s42PVNAFDW7TG3FNi5hZaP1OqihVj0jPEFtBBLHNu12A0tdhLtCLijda3l147JN49vRk
         Ycew==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id x15si3201468pgx.57.2021.04.30.04.39.20;
        Fri, 30 Apr 2021 04:39:46 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231905AbhD3LiU (ORCPT <rfc822;liuxiaomingdev@gmail.com>
        + 99 others); Fri, 30 Apr 2021 07:38:20 -0400
Received: from youngberry.canonical.com ([91.189.89.112]:56602 "EHLO
        youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229911AbhD3LiT (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 30 Apr 2021 07:38:19 -0400
Received: from 1.general.cking.uk.vpn ([10.172.193.212] helo=localhost)
        by youngberry.canonical.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
        (Exim 4.86_2)
        (envelope-from <colin.king@canonical.com>)
        id 1lcRSW-0004rU-TC; Fri, 30 Apr 2021 11:37:24 +0000
From:   Colin King <colin.king@canonical.com>
To:     James Bottomley <jejb@linux.ibm.com>,
        Jarkko Sakkinen <jarkko@kernel.org>,
        Mimi Zohar <zohar@linux.ibm.com>,
        David Howells <dhowells@redhat.com>,
        James Morris <jmorris@namei.org>,
        "Serge E . Hallyn" <serge@hallyn.com>,
        Nathan Chancellor <nathan@kernel.org>,
        Nick Desaulniers <ndesaulniers@google.com>,
        linux-integrity@vger.kernel.org, keyrings@vger.kernel.org,
        linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Cc:     kernel-janitors@vger.kernel.org, clang-built-linux@googlegroups.com
Subject: [PATCH] KEYS: trusted: Fix memory leak on object td
Date:   Fri, 30 Apr 2021 12:37:24 +0100
Message-Id: <20210430113724.110746-1-colin.king@canonical.com>
X-Mailer: git-send-email 2.30.2
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Colin Ian King <colin.king@canonical.com>

Two error return paths are neglecting to free allocated object td,
causing a memory leak. Fix this by returning via the error return
path that securely kfree's td.

Fixes clang scan-build warning:
security/keys/trusted-keys/trusted_tpm1.c:496:10: warning: Potential
memory leak [unix.Malloc]

Fixes: 5df16caada3f ("KEYS: trusted: Fix incorrect handling of tpm_get_random()")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
 security/keys/trusted-keys/trusted_tpm1.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/security/keys/trusted-keys/trusted_tpm1.c b/security/keys/trusted-keys/trusted_tpm1.c
index 469394550801..aa108bea6739 100644
--- a/security/keys/trusted-keys/trusted_tpm1.c
+++ b/security/keys/trusted-keys/trusted_tpm1.c
@@ -493,10 +493,12 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype,
 
 	ret = tpm_get_random(chip, td->nonceodd, TPM_NONCE_SIZE);
 	if (ret < 0)
-		return ret;
+		goto out;
 
-	if (ret != TPM_NONCE_SIZE)
-		return -EIO;
+	if (ret != TPM_NONCE_SIZE) {
+		ret = -EIO;
+		goto out;
+	}
 
 	ordinal = htonl(TPM_ORD_SEAL);
 	datsize = htonl(datalen);
-- 
2.30.2