lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 31 Jan 2013 12:02:03 +1100 (EST) From: James Morris <jmorris@...ei.org> To: "Kasatkin, Dmitry" <dmitry.kasatkin@...el.com> cc: linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org Subject: Re: [PATCH 1/1] digsig: Fix memory leakage in digsig_verify_rsa() What's the practical impact of this? Could an attacker kill the machine? On Wed, 30 Jan 2013, Kasatkin, Dmitry wrote: > On Fri, Jan 25, 2013 at 4:54 PM, Dmitry Kasatkin > <dmitry.kasatkin@...el.com> wrote: > > From: YOSHIFUJI Hideaki <yoshfuji@...ux-ipv6.org> > > > > digsig_verify_rsa() does not free kmalloc'ed buffer returned by > > mpi_get_buffer(). > > > > Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@...ux-ipv6.org> > > Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@...el.com> > > Cc: stable@...r.kernel.org > > --- > > lib/digsig.c | 2 ++ > > 1 file changed, 2 insertions(+) > > > > diff --git a/lib/digsig.c b/lib/digsig.c > > index 8c0e629..dc2be7e 100644 > > --- a/lib/digsig.c > > +++ b/lib/digsig.c > > @@ -162,6 +162,8 @@ static int digsig_verify_rsa(struct key *key, > > memset(out1, 0, head); > > memcpy(out1 + head, p, l); > > > > + kfree(p); > > + > > err = pkcs_1_v1_5_decode_emsa(out1, len, mblen, out2, &len); > > if (err) > > goto err; > > -- > > 1.7.10.4 > > > > James, can you please apply this patch. > > - Dmitry > -- James Morris <jmorris@...ei.org> -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists