lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.LNX.2.00.1102112211230.16994@swampdragon.chaosbits.net>
Date:	Fri, 11 Feb 2011 22:14:44 +0100 (CET)
From:	Jesper Juhl <jj@...osbits.net>
To:	"Paoloni, Gabriele" <gabriele.paoloni@...el.com>,
	Herbert Xu <herbert@...dor.apana.org.au>,
	tadeusz.struk@...el.com
cc:	Pavel Machek <pavel@....cz>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org>,
	"O Mahony, Aidan" <aidan.o.mahony@...el.com>,
	"Hoban, Adrian" <adrian.hoban@...el.com>
Subject: RE: [PATCH](updated) rfc4106, Intel, AES-NI: Don't leak memory in
 rfc4106_set_hash_subkey()..

On Fri, 11 Feb 2011, Jesper Juhl wrote:

> On Fri, 11 Feb 2011, Jesper Juhl wrote:
> 
> > On Fri, 11 Feb 2011, Paoloni, Gabriele wrote:
> > 
> > > Well anyway I think that the return value of "ablkcipher_request_alloc(ctr_tfm, GFP_KERNEL)" has to be changed from -EINVAL to -ENOMEM in case of failure. That is why would stay on the patch that Tadeusz proposed. Otherwise Juhl should send another one....
> > > 
> > I'll take a look again later this evening when I get home from work.
> > 
> Hopefully this takes care of all complaints and can actually get merged so 
> we can get the leak fixed (patch is against current cryptodev-2.6 tree).
> 
> 
> Fix up previous patch that failed to properly fix mem leak in 
> rfc4106_set_hash_subkey(). This add-on patch; fixes the leak. moves 
> kfree() out of the error path, returns -ENOMEM rather than -EINVAL when 
> ablkcipher_request_alloc() fails.
> 

And of course I just had to screw up and send the wrong diff. The one I 
sent does not compile and was a temporary file I imported into the mail by 
accident :-(
Below is the real patch - changelog above still applies - sorry about 
that.

Signed-off-by: Jesper Juhl <jj@...osbits.net>
---
 aesni-intel_glue.c |   15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c
index e013552..e0e6340 100644
--- a/arch/x86/crypto/aesni-intel_glue.c
+++ b/arch/x86/crypto/aesni-intel_glue.c
@@ -874,19 +874,17 @@ rfc4106_set_hash_subkey(u8 *hash_subkey, const u8 *key, unsigned int key_len)
 
 	ret = crypto_ablkcipher_setkey(ctr_tfm, key, key_len);
 	if (ret)
-		goto out;
+		goto out_free_ablkcipher;
 
+	ret = -ENOMEM;
 	req = ablkcipher_request_alloc(ctr_tfm, GFP_KERNEL);
-	if (!req) {
-		ret = -EINVAL;
+	if (!req)
 		goto out_free_ablkcipher;
-	}
 
 	req_data = kmalloc(sizeof(*req_data), GFP_KERNEL);
-	if (!req_data) {
-		ret = -ENOMEM;
+	if (!req_data)
 		goto out_free_request;
-	}
+
 	memset(req_data->iv, 0, sizeof(req_data->iv));
 
 	/* Clear the data in the hash sub key container to zero.*/
@@ -911,12 +909,11 @@ rfc4106_set_hash_subkey(u8 *hash_subkey, const u8 *key, unsigned int key_len)
 		if (!ret)
 			ret = req_data->result.err;
 	}
+	kfree(req_data);
 out_free_request:
 	ablkcipher_request_free(req);
-	kfree(req_data);
 out_free_ablkcipher:
 	crypto_free_ablkcipher(ctr_tfm);
-out:
 	return ret;
 }
 
 
-- 
Jesper Juhl <jj@...osbits.net>            http://www.chaosbits.net/
Plain text mails only, please.
Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ