2020-06-11 08:30:04

by Zheng Bin

[permalink] [raw]
Subject: [PATCH] crypto: drbg - Fix memleak in drbg_prepare_hrng

drbg_prepare_hrng
drbg->jent = crypto_alloc_rng
err = add_random_ready_callback
default:
drbg->random_ready.func = NULL -->set NULL, if fail

drbg_uninstantiate
if (drbg->random_ready.func) -->If NULL, will not free drbg->jent
crypto_free_rng(drbg->jent)

Need to free drbg->jent if add_random_ready_callback return fail.

Fixes: 97f2650e5040 ("crypto: drbg - always seeded with SP800-90B compliant noise source")
Signed-off-by: Zheng Bin <[email protected]>
---
crypto/drbg.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/crypto/drbg.c b/crypto/drbg.c
index 37526eb8c5d5..a643ab7eac7a 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -1524,6 +1524,8 @@ static int drbg_prepare_hrng(struct drbg_state *drbg)
/* fall through */

default:
+ crypto_free_rng(drbg->jent);
+ drbg->jent = NULL;
drbg->random_ready.func = NULL;
return err;
}
--
2.26.0.106.g9fadedd


2020-06-11 08:36:46

by Stephan Müller

[permalink] [raw]
Subject: Re: [PATCH] crypto: drbg - Fix memleak in drbg_prepare_hrng

Am Donnerstag, 11. Juni 2020, 10:33:56 CEST schrieb Zheng Bin:

Hi Zheng,

Thank you for the note, but I think this is handled, albeit differently.
Search for patch "[PATCH v3] crypto: DRBG - always try to free Jitter RNG
instance" that is sent to the list (but not yet applied).

Thanks



> drbg_prepare_hrng
> drbg->jent = crypto_alloc_rng
> err = add_random_ready_callback
> default:
> drbg->random_ready.func = NULL -->set NULL, if fail
>
> drbg_uninstantiate
> if (drbg->random_ready.func) -->If NULL, will not free drbg->jent
> crypto_free_rng(drbg->jent)
>
> Need to free drbg->jent if add_random_ready_callback return fail.
>
> Fixes: 97f2650e5040 ("crypto: drbg - always seeded with SP800-90B compliant
> noise source") Signed-off-by: Zheng Bin <[email protected]>
> ---
> crypto/drbg.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/crypto/drbg.c b/crypto/drbg.c
> index 37526eb8c5d5..a643ab7eac7a 100644
> --- a/crypto/drbg.c
> +++ b/crypto/drbg.c
> @@ -1524,6 +1524,8 @@ static int drbg_prepare_hrng(struct drbg_state *drbg)
> /* fall through */
>
> default:
> + crypto_free_rng(drbg->jent);
> + drbg->jent = NULL;
> drbg->random_ready.func = NULL;
> return err;
> }
> --
> 2.26.0.106.g9fadedd


Ciao
Stephan