| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 7 Feb 2013 16:56:58 -0800 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-kernel@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, stable@...r.kernel.org, YOSHIFUJI Hideaki <yoshfuji@...ux-ipv6.org>, Dmitry Kasatkin <dmitry.kasatkin@...el.com>, James Morris <james.l.morris@...cle.com> Subject: [ 02/34] digsig: Fix memory leakage in digsig_verify_rsa() 3.7-stable review patch. If anyone has any objections, please let me know. ------------------ From: YOSHIFUJI Hideaki <yoshfuji@...ux-ipv6.org> commit 7810cc1e7721220f1ed2a23ca95113d6434f6dcd upstream. digsig_verify_rsa() does not free kmalloc'ed buffer returned by mpi_get_buffer(). Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@...ux-ipv6.org> Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@...el.com> Signed-off-by: James Morris <james.l.morris@...cle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org> --- lib/digsig.c | 2 ++ 1 file changed, 2 insertions(+) --- a/lib/digsig.c +++ b/lib/digsig.c @@ -162,6 +162,8 @@ static int digsig_verify_rsa(struct key memset(out1, 0, head); memcpy(out1 + head, p, l); + kfree(p); + err = pkcs_1_v1_5_decode_emsa(out1, len, mblen, out2, &len); if (err) goto err; -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists